{"id":"CVE-2025-40125","summary":"blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx\n\nIn __blk_mq_update_nr_hw_queues() the return value of\nblk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx\nfails, later changing the number of hw_queues or removing disk will\ntrigger the following warning:\n\n  kernfs: can not remove 'nr_tags', no directory\n  WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0x13f/0x160\n  Call Trace:\n   remove_files.isra.1+0x38/0xb0\n   sysfs_remove_group+0x4d/0x100\n   sysfs_remove_groups+0x31/0x60\n   __kobject_del+0x23/0xf0\n   kobject_del+0x17/0x40\n   blk_mq_unregister_hctx+0x5d/0x80\n   blk_mq_sysfs_unregister_hctxs+0x94/0xd0\n   blk_mq_update_nr_hw_queues+0x124/0x760\n   nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n   nullb_device_submit_queues_store+0x92/0x120 [null_blk]\n\nkobjct_del() was called unconditionally even if sysfs creation failed.\nFix it by checkig the kobject creation statusbefore deleting it.","modified":"2026-03-20T12:43:11.420044Z","published":"2025-11-12T10:23:20.180Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40125.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/06c4826b1d900611096e4621e93133db57e13911"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b97e99b87a773d52699521d40864f3ec888e9a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6e7dadc5763c48eb3b9b91265a21f312599ebb2c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a8c53553f1833cc2d14175d2d72cf37193a01898"},{"type":"WEB","url":"https://git.kernel.org/stable/c/babc634e9fe2803962dba98a07587e835dbc0731"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cc14ea21c4e658814d737ed4dedde6cd626a15ad"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d5ddd76ee52bdc16e9f8b1e7791291e785dab032"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40125.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40125"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"477e19dedc9d3e1f4443a1d4ae00572a988120ea"},{"fixed":"a8c53553f1833cc2d14175d2d72cf37193a01898"},{"fixed":"cc14ea21c4e658814d737ed4dedde6cd626a15ad"},{"fixed":"4b97e99b87a773d52699521d40864f3ec888e9a6"},{"fixed":"6e7dadc5763c48eb3b9b91265a21f312599ebb2c"},{"fixed":"06c4826b1d900611096e4621e93133db57e13911"},{"fixed":"babc634e9fe2803962dba98a07587e835dbc0731"},{"fixed":"d5ddd76ee52bdc16e9f8b1e7791291e785dab032"},{"fixed":"4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40125.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.301"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.246"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.195"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.156"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.112"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.53"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40125.json"}}],"schema_version":"1.7.5"}