Vulnerability Lookup

🛡️ CVE-2025-40219

⚪ Unknown ✅ No Known Exploit NVD

N/A

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV") tried to fix a race between the VF removal inside sriov_del_vfs() and concurrent hot unplug by taking the PCI rescan/remove lock in sriov_del_vfs(). Similarly the PCI rescan/remove lock was also taken in sriov_add_vfs() to protect addition of VFs. This approach however causes deadlock on trying to remove PFs with SR-IOV enabled because PFs disable SR-IOV during removal and this removal happens under the PCI rescan/remove lock. So the original fix had to be reverted. Instead of taking the PCI rescan/remove lock in sriov_add_vfs() and sriov_del_vfs(), fix the race that occurs with SR-IOV enable and disable vs hotplug higher up in the callchain by taking the lock in sriov_numvfs_store() before calling into the driver's sriov_configure() callback.

Details

Severity Unknown

CVSS Score N/A

CVSS Vector N/A

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2025-12-04

Updated 2026-06-05

Modified 2026-06-04

Fix URL N/A

Affected Packages

Software	From version	Fixed in
kernel	6.13.0	6.17.4
unknown	—	—

References

WEB https://git.kernel.org/stable/c/05703271c3cdcc0f2a8cf6ebdc45892b8ca83520

WEB https://git.kernel.org/stable/c/1e8a80290f964bdbad225221c8a1594c7e01c8fd

WEB https://git.kernel.org/stable/c/36039348bca77828bf06eae41b8f76e38cd15847

WEB https://git.kernel.org/stable/c/53154cd40ccf285f1d1c24367824082061d155bd

WEB https://git.kernel.org/stable/c/5c1cd7d405e94dc6cb320cc0cc092b74895b6ddf

WEB https://git.kernel.org/stable/c/a24219172456f035d886857e265ca24c85b167c8

WEB https://git.kernel.org/stable/c/a645ca21de09e3137cbb224fa6c23cca873a1d01

WEB https://git.kernel.org/stable/c/ee40e5db052d7c6f406fdb95ad639c894c74674c

ADVISORY https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40219.json

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-40219

PACKAGE https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

🔗 NVD 🔗 Mitre

Similar Threats

Unknown ALSA-2023:2458
Unknown ALSA-2023:1703
Unknown ALSA-2023:1566
Unknown ALSA-2023:1470
Unknown ALSA-2023:0951

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Concerned your site may already be targeted?

Company

Resources

Services

Trusted

Subscribe