DEBIAN-CVE-2025-40125
In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx In __blk_mq_update_nr_hw_queues() the return value of blk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx fails, later changing the number of hw_queues or removing disk will trigger the following warning: kernfs: can not remove 'nr_tags', no directory WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0x13f/0x160 Call Trace: remove_files.isra.1+0x38/0xb0 sysfs_remove_group+0x4d/0x100 sysfs_remove_groups+0x31/0x60 __kobject_del+0x23/0xf0 kobject_del+0x17/0x40 blk_mq_unregister_hctx+0x5d/0x80 blk_mq_sysfs_unregister_hctxs+0x94/0xd0 blk_mq_update_nr_hw_queues+0x124/0x760 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_submit_queues_store+0x92/0x120 [null_blk] kobjct_del() was called unconditionally even if sysfs creation failed. Fix it by checkig the kobject creation statusbefore deleting it.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 6.1.106-1, 6.1.106-2, 6.1.106-3 |
| Debian:14 | linux | 6.15.5-1, 6.15.6-1, 6.15 |
| Debian:11 | linux | 5.10.179-1, 5.10.140-1, 5.10.148-1 |
| Debian:13 | linux | 6.12.43-1, 6.12.43-1~bpo12+1, 6.12.48-1 |
| Debian:11 | linux-6.1 | 6.1.140-1, 6.1.147-1, 6.1.148-1 |
Timeline
- Nov 12, 2025 CVE Published
- Apr 28, 2026 CVE Updated