{"id":"CVE-2025-40130","summary":"scsi: ufs: core: Fix data race in CPU latency PM QoS request handling","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix data race in CPU latency PM QoS request handling\n\nThe cpu_latency_qos_add/remove/update_request interfaces lack internal\nsynchronization by design, requiring the caller to ensure thread safety.\nThe current implementation relies on the 'pm_qos_enabled' flag, which is\ninsufficient to prevent concurrent access and cannot serve as a proper\nsynchronization mechanism. This has led to data races and list\ncorruption issues.\n\nA typical race condition call trace is:\n\n[Thread A]\nufshcd_pm_qos_exit()\n  --\u003e cpu_latency_qos_remove_request()\n    --\u003e cpu_latency_qos_apply();\n      --\u003e pm_qos_update_target()\n        --\u003e plist_del              \u003c--(1) delete plist node\n    --\u003e memset(req, 0, sizeof(*req));\n  --\u003e hba-\u003epm_qos_enabled = false;\n\n[Thread B]\nufshcd_devfreq_target\n  --\u003e ufshcd_devfreq_scale\n    --\u003e ufshcd_scale_clks\n      --\u003e ufshcd_pm_qos_update     \u003c--(2) pm_qos_enabled is true\n        --\u003e cpu_latency_qos_update_request\n          --\u003e pm_qos_update_target\n            --\u003e plist_del          \u003c--(3) plist node use-after-free\n\nIntroduces a dedicated mutex to serialize PM QoS operations, preventing\ndata races and ensuring safe access to PM QoS resources, including sysfs\ninterface reads.","modified":"2026-03-20T12:43:11.758407Z","published":"2025-11-12T10:23:21.605Z","related":["SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20634-1","SUSE-SU-2026:20635-1","SUSE-SU-2026:20636-1","SUSE-SU-2026:20637-1","SUSE-SU-2026:20643-1","SUSE-SU-2026:20644-1","SUSE-SU-2026:20646-1","SUSE-SU-2026:20648-1","openSUSE-SU-2026:20145-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40130.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/79dde5f7dc7c038eec903745dc1550cd4139980e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d9df61afb8d23c475f1be3c714da2c34c156ab01"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40130.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40130"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2777e73fc154e2e87233bdcc0e2402b33815198e"},{"fixed":"d9df61afb8d23c475f1be3c714da2c34c156ab01"},{"fixed":"79dde5f7dc7c038eec903745dc1550cd4139980e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40130.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.9.0"},{"fixed":"6.17.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40130.json"}}],"schema_version":"1.7.5"}