[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-40130":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":57,"related":58,"reserved_at":9,"published_at":73,"modified_at":74,"state":75,"summary":76,"references_raw":80,"kevs":91,"epss":92,"epss_history":95,"metrics":366,"affected":367},"CVE-2025-40130","In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix data race in CPU latency PM QoS request handling\n\nThe cpu_latency_qos_add/remove/update_request interfaces lack internal\nsynchronization by design, requiring the caller to ensure thread safety.\nThe current implementation relies on the 'pm_qos_enabled' flag, which is\ninsufficient to prevent concurrent access and cannot serve as a proper\nsynchronization mechanism. This has led to data races and list\ncorruption issues.\n\nA typical race condition call trace is:\n\n[Thread A]\nufshcd_pm_qos_exit()\n  --> cpu_latency_qos_remove_request()\n    --> cpu_latency_qos_apply();\n      --> pm_qos_update_target()\n        --> plist_del              \u003C--(1) delete plist node\n    --> memset(req, 0, sizeof(*req));\n  --> hba->pm_qos_enabled = false;\n\n[Thread B]\nufshcd_devfreq_target\n  --> ufshcd_devfreq_scale\n    --> ufshcd_scale_clks\n      --> ufshcd_pm_qos_update     \u003C--(2) pm_qos_enabled is true\n        --> cpu_latency_qos_update_request\n          --> pm_qos_update_target\n            --> plist_del          \u003C--(3) plist node use-after-free\n\nIntroduces a dedicated mutex to serialize PM QoS operations, preventing\ndata races and ensuring safe access to PM QoS resources, including sysfs\ninterface reads.",null,[],[],[],[],[15,17,19,21,23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55],{"_key":16},"OPENSUSE-SU-2026:20311-1",{"_key":18},"OPENSUSE-SU-2026:20314-1",{"_key":20},"SUSE-SU-2026:20207-1",{"_key":22},"SUSE-SU-2026:20220-1",{"_key":24},"SUSE-SU-2026:20228-1",{"_key":26},"SUSE-SU-2026:20634-1",{"_key":28},"SUSE-SU-2026:20635-1",{"_key":30},"SUSE-SU-2026:20636-1",{"_key":32},"SUSE-SU-2026:20637-1",{"_key":34},"SUSE-SU-2026:20643-1",{"_key":36},"SUSE-SU-2026:20644-1",{"_key":38},"SUSE-SU-2026:20646-1",{"_key":40},"SUSE-SU-2026:20648-1",{"_key":42},"OPENSUSE-SU-2026:20145-1",{"_key":44},"USN-8029-1",{"_key":46},"USN-8029-2",{"_key":48},"USN-8029-3",{"_key":50},"USN-8030-1",{"_key":52},"DEBIAN-CVE-2025-40130",{"_key":54},"UBUNTU-CVE-2025-40130",{"_key":56},"USN-8048-1",[],[59,60,61,62,63,64,65,66,67,68,69,70,71,72],{"_key":16},{"_key":18},{"_key":20},{"_key":22},{"_key":24},{"_key":26},{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},"2025-11-12T10:23:21.605Z","2026-05-11T21:43:19.987Z","Deferred",{"cisa_kev":77,"cisa_ransomware":77,"cisa_vendor":9,"epss_severity":78,"epss_score":79,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":75},false,"low",0.00026,[81,87],{"url":82,"sources":83,"tags":86},"https://git.kernel.org/stable/c/d9df61afb8d23c475f1be3c714da2c34c156ab01",[84,85],"cve.org","nvd",[],{"url":88,"sources":89,"tags":90},"https://git.kernel.org/stable/c/79dde5f7dc7c038eec903745dc1550cd4139980e",[84,85],[],[],{"date":93,"score":79,"percentile":94},"2026-06-03",0.07861,[96,100,103,106,109,112,115,119,122,125,128,131,134,137,140,143,146,149,152,154,157,160,163,166,169,172,175,178,181,184,187,190,193,196,199,202,205,208,211,214,217,220,223,226,229,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,290,293,296,299,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363],{"date":97,"score":98,"percentile":99},"2025-11-12",0.00018,0.03565,{"date":101,"score":98,"percentile":102},"2025-11-13",0.03598,{"date":104,"score":98,"percentile":105},"2025-11-14",0.03607,{"date":107,"score":98,"percentile":108},"2025-11-15",0.03638,{"date":110,"score":98,"percentile":111},"2025-11-16",0.03636,{"date":113,"score":98,"percentile":114},"2025-11-17",0.03619,{"date":116,"score":117,"percentile":118},"2025-11-18",0.00024,0.03246,{"date":120,"score":117,"percentile":121},"2025-11-19",0.03296,{"date":123,"score":117,"percentile":124},"2025-11-20",0.03363,{"date":126,"score":117,"percentile":127},"2025-11-21",0.05505,{"date":129,"score":117,"percentile":130},"2025-11-22",0.05474,{"date":132,"score":117,"percentile":133},"2025-11-23",0.05452,{"date":135,"score":117,"percentile":136},"2025-11-24",0.05431,{"date":138,"score":117,"percentile":139},"2025-11-25",0.05435,{"date":141,"score":117,"percentile":142},"2025-11-26",0.05462,{"date":144,"score":117,"percentile":145},"2025-11-27",0.05479,{"date":147,"score":117,"percentile":148},"2025-11-28",0.05459,{"date":150,"score":117,"percentile":151},"2025-11-29",0.05503,{"date":153,"score":117,"percentile":151},"2025-11-30",{"date":155,"score":117,"percentile":156},"2025-12-01",0.05579,{"date":158,"score":117,"percentile":159},"2025-12-02",0.05595,{"date":161,"score":117,"percentile":162},"2025-12-03",0.05617,{"date":164,"score":117,"percentile":165},"2025-12-04",0.05584,{"date":167,"score":117,"percentile":168},"2025-12-05",0.05648,{"date":170,"score":117,"percentile":171},"2025-12-06",0.0566,{"date":173,"score":117,"percentile":174},"2025-12-07",0.05656,{"date":176,"score":117,"percentile":177},"2025-12-08",0.05651,{"date":179,"score":117,"percentile":180},"2025-12-09",0.05693,{"date":182,"score":117,"percentile":183},"2025-12-10",0.05766,{"date":185,"score":117,"percentile":186},"2025-12-11",0.05762,{"date":188,"score":117,"percentile":189},"2025-12-12",0.05793,{"date":191,"score":117,"percentile":192},"2025-12-13",0.05832,{"date":194,"score":79,"percentile":195},"2025-12-14",0.06558,{"date":197,"score":79,"percentile":198},"2025-12-15",0.06529,{"date":200,"score":79,"percentile":201},"2025-12-16",0.0655,{"date":203,"score":79,"percentile":204},"2025-12-17",0.06638,{"date":206,"score":79,"percentile":207},"2025-12-18",0.06698,{"date":209,"score":79,"percentile":210},"2025-12-19",0.06687,{"date":212,"score":79,"percentile":213},"2025-12-20",0.06681,{"date":215,"score":79,"percentile":216},"2025-12-21",0.06671,{"date":218,"score":79,"percentile":219},"2025-12-22",0.06625,{"date":221,"score":79,"percentile":222},"2025-12-23",0.0662,{"date":224,"score":79,"percentile":225},"2025-12-24",0.06651,{"date":227,"score":79,"percentile":228},"2025-12-25",0.06714,{"date":230,"score":79,"percentile":228},"2025-12-26",{"date":232,"score":79,"percentile":233},"2025-12-27",0.06727,{"date":235,"score":79,"percentile":236},"2025-12-28",0.06711,{"date":238,"score":79,"percentile":239},"2025-12-29",0.06692,{"date":241,"score":79,"percentile":242},"2025-12-30",0.06674,{"date":244,"score":79,"percentile":245},"2025-12-31",0.06721,{"date":247,"score":79,"percentile":248},"2026-01-01",0.06785,{"date":250,"score":79,"percentile":251},"2026-01-02",0.06776,{"date":253,"score":79,"percentile":254},"2026-01-03",0.06766,{"date":256,"score":79,"percentile":257},"2026-01-04",0.06616,{"date":259,"score":79,"percentile":260},"2026-01-05",0.06567,{"date":262,"score":79,"percentile":263},"2026-01-06",0.06573,{"date":265,"score":79,"percentile":266},"2026-01-07",0.06598,{"date":268,"score":79,"percentile":269},"2026-01-08",0.06654,{"date":271,"score":79,"percentile":272},"2026-01-09",0.06666,{"date":274,"score":79,"percentile":275},"2026-01-10",0.06702,{"date":277,"score":79,"percentile":278},"2026-01-11",0.0669,{"date":280,"score":79,"percentile":281},"2026-01-12",0.06657,{"date":283,"score":79,"percentile":284},"2026-01-13",0.06642,{"date":286,"score":79,"percentile":287},"2026-01-14",0.06762,{"date":289,"score":79,"percentile":254},"2026-01-15",{"date":291,"score":79,"percentile":292},"2026-01-16",0.06777,{"date":294,"score":79,"percentile":295},"2026-01-17",0.06793,{"date":297,"score":79,"percentile":298},"2026-01-18",0.0677,{"date":300,"score":301,"percentile":302},"2026-01-19",0.00027,0.07207,{"date":304,"score":301,"percentile":305},"2026-01-20",0.07173,{"date":307,"score":301,"percentile":308},"2026-01-21",0.07165,{"date":310,"score":301,"percentile":311},"2026-01-22",0.07143,{"date":313,"score":301,"percentile":314},"2026-01-23",0.07201,{"date":316,"score":301,"percentile":317},"2026-01-24",0.07256,{"date":319,"score":301,"percentile":320},"2026-01-25",0.07242,{"date":322,"score":301,"percentile":323},"2026-01-26",0.07226,{"date":325,"score":301,"percentile":326},"2026-01-27",0.0721,{"date":328,"score":301,"percentile":329},"2026-01-28",0.07188,{"date":331,"score":301,"percentile":332},"2026-01-29",0.07181,{"date":334,"score":301,"percentile":335},"2026-01-30",0.07193,{"date":337,"score":301,"percentile":338},"2026-01-31",0.07216,{"date":340,"score":301,"percentile":341},"2026-02-01",0.07247,{"date":343,"score":301,"percentile":344},"2026-02-02",0.0723,{"date":346,"score":301,"percentile":347},"2026-02-03",0.07197,{"date":349,"score":301,"percentile":350},"2026-02-04",0.07212,{"date":352,"score":301,"percentile":353},"2026-02-05",0.07263,{"date":355,"score":301,"percentile":356},"2026-02-06",0.07292,{"date":358,"score":301,"percentile":359},"2026-02-07",0.07303,{"date":361,"score":301,"percentile":362},"2026-02-08",0.07302,{"date":364,"score":301,"percentile":365},"2026-02-09",0.0726,[],[368],{"ecosystem":9,"name":369,"vendor":370,"product":370,"cpe_part":371,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":372},"Linux","linux","a",[373,380,383],{"version":374,"is_range":375,"range_type":84,"version_start":376,"version_start_type":377,"version_end":378,"version_end_type":379,"fixed_in":9},">= 2777e73fc154e2e87233bdcc0e2402b33815198e, \u003C d9df61afb8d23c475f1be3c714da2c34c156ab01",true,"2777e73fc154e2e87233bdcc0e2402b33815198e","including","d9df61afb8d23c475f1be3c714da2c34c156ab01","excluding",{"version":381,"is_range":375,"range_type":84,"version_start":376,"version_start_type":377,"version_end":382,"version_end_type":379,"fixed_in":9},">= 2777e73fc154e2e87233bdcc0e2402b33815198e, \u003C 79dde5f7dc7c038eec903745dc1550cd4139980e","79dde5f7dc7c038eec903745dc1550cd4139980e",{"version":384,"is_range":77,"range_type":84,"version_start":384,"version_start_type":377,"version_end":384,"version_end_type":377,"fixed_in":9},"6.9"]