What is CVE-2025-40261?

CVE-2025-40261 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.10.9 onward and patched in 5.10.253, 5.15.209, 6.1.167 and others. CVE-2025-40261 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40261?

CVE-2025-40261 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40261?

Yes, CVE-2025-40261 has been patched. Fixed versions include 5.10.253, 5.15.209, 6.1.167 and others. If you are running Linux kernel 5.10.9 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40261 actively exploited?

CVE-2025-40261 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40261

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme_fc_delete_assocation() waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync() had been called. Move the call to cancel_work_sync() to be after nvme_fc_delete_association() to ensure ->ioerr_work is not running when the nvme_fc_ctrl object is freed. Otherwise the following can occur: [ 1135.911754] list_del corruption, ff2d24c8093f31f8->next is NULL [ 1135.917705] ------------[ cut here ]------------ [ 1135.922336] kernel BUG at lib/list_debug.c:52! [ 1135.926784] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 1135.931851] CPU: 48 UID: 0 PID: 726 Comm: kworker/u449:23 Kdump: loaded Not tainted 6.12.0 #1 PREEMPT(voluntary) [ 1135.943490] Hardware name: Dell Inc. PowerEdge R660/0HGTK9, BIOS 2.5.4 01/16/2025 [ 1135.950969] Workqueue: 0x0 (nvme-wq) [ 1135.954673] RIP: 0010:__list_del_entry_valid_or_report.cold+0xf/0x6f [ 1135.961041] Code: c7 c7 98 68 72 94 e8 26 45 fe ff 0f 0b 48 c7 c7 70 68 72 94 e8 18 45 fe ff 0f 0b 48 89 fe 48 c7 c7 80 69 72 94 e8 07 45 fe ff <0f> 0b 48 89 d1 48 c7 c7 a0 6a 72 94 48 89 c2 e8 f3 44 fe ff 0f 0b [ 1135.979788] RSP: 0018:ff579b19482d3e50 EFLAGS: 00010046 [ 1135.985015] RAX: 0000000000000033 RBX: ff2d24c8093f31f0 RCX: 0000000000000000 [ 1135.992148] RDX: 0000000000000000 RSI: ff2d24d6bfa1d0c0 RDI: ff2d24d6bfa1d0c0 [ 1135.999278] RBP: ff2d24c8093f31f8 R08: 0000000000000000 R09: ffffffff951e2b08 [ 1136.006413] R10: ffffffff95122ac8 R11: 0000000000000003 R12: ff2d24c78697c100 [ 1136.013546] R13: fffffffffffffff8 R14: 0000000000000000 R15: ff2d24c78697c0c0 [ 1136.020677] FS: 0000000000000000(0000) GS:ff2d24d6bfa00000(0000) knlGS:0000000000000000 [ 1136.028765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1136.034510] CR2: 00007fd207f90b80 CR3: 000000163ea22003 CR4: 0000000000f73ef0 [ 1136.041641] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1136.048776] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 1136.055910] PKRU: 55555554 [ 1136.058623] Call Trace: [ 1136.061074] <TASK> [ 1136.063179] ? show_trace_log_lvl+0x1b0/0x2f0 [ 1136.067540] ? show_trace_log_lvl+0x1b0/0x2f0 [ 1136.071898] ? move_linked_works+0x4a/0xa0 [ 1136.075998] ? __list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.081744] ? __die_body.cold+0x8/0x12 [ 1136.085584] ? die+0x2e/0x50 [ 1136.088469] ? do_trap+0xca/0x110 [ 1136.091789] ? do_error_trap+0x65/0x80 [ 1136.095543] ? __list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.101289] ? exc_invalid_op+0x50/0x70 [ 1136.105127] ? __list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.110874] ? asm_exc_invalid_op+0x1a/0x20 [ 1136.115059] ? __list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.120806] move_linked_works+0x4a/0xa0 [ 1136.124733] worker_thread+0x216/0x3a0 [ 1136.128485] ? __pfx_worker_thread+0x10/0x10 [ 1136.132758] kthread+0xfa/0x240 [ 1136.135904] ? __pfx_kthread+0x10/0x10 [ 1136.139657] ret_from_fork+0x31/0x50 [ 1136.143236] ? __pfx_kthread+0x10/0x10 [ 1136.146988] ret_from_fork_asm+0x1a/0x30 [ 1136.150915] </TASK>

Package Linux Kernel

Published 2025-12-04

Last modified 2026-06-02

Patch available

Yes

Affected versions

Linux kernel versions 5.10.9, 5.11 and later are affected. Fixed in 5.10.253, 5.15.209, 6.1.167, 6.6.118, 6.12.60, 6.17.10, 6.18 and their respective stable series.

Affected from

≥ 5.10.9 ≥ 5.11

Fixed in

✓ 5.10.253 5.10.x ✓ 5.15.209 5.15.x ✓ 6.1.167 6.1.x ✓ 6.6.118 6.6.x ✓ 6.12.60 6.12.x ✓ 6.17.10 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40261 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Cert-Portal
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Kernel patch commit
https://git.kernel.org/stable/c/0a2c5495b6d1ecb0fa18ef6631450f391a888256
Patch
Kernel patch commit
https://git.kernel.org/stable/c/33f64600a12055219bda38b55320c62cdeda9167
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3f48cd7f35da07fc067cef926bb7f6f4735de37b
Patch

7 patch commits total View all on NVD

Frequently asked questions

What is CVE-2025-40261?

CVE-2025-40261 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.10.9 onward and has been patched in 5.10.253, 5.15.209, 6.1.167 and others. CVE-2025-40261 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40261?

Yes — CVE-2025-40261 has been patched. Fixed versions include 5.10.253, 5.15.209, 6.1.167 and others. If you are running Linux kernel 5.10.9 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40261 actively exploited?

No — CVE-2025-40261 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.