CVE-2025-40261

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvme: nvme-fc: Ensure -&gt;ioerr_work is cancelled in nvme_fc_delete_ctrl()<br /> <br /> nvme_fc_delete_assocation() waits for pending I/O to complete before<br /> returning, and an error can cause -&gt;ioerr_work to be queued after<br /> cancel_work_sync() had been called. Move the call to cancel_work_sync() to<br /> be after nvme_fc_delete_association() to ensure -&gt;ioerr_work is not running<br /> when the nvme_fc_ctrl object is freed. Otherwise the following can occur:<br /> <br /> [ 1135.911754] list_del corruption, ff2d24c8093f31f8-&gt;next is NULL<br /> [ 1135.917705] ------------[ cut here ]------------<br /> [ 1135.922336] kernel BUG at lib/list_debug.c:52!<br /> [ 1135.926784] Oops: invalid opcode: 0000 [#1] SMP NOPTI<br /> [ 1135.931851] CPU: 48 UID: 0 PID: 726 Comm: kworker/u449:23 Kdump: loaded Not tainted 6.12.0 #1 PREEMPT(voluntary)<br /> [ 1135.943490] Hardware name: Dell Inc. PowerEdge R660/0HGTK9, BIOS 2.5.4 01/16/2025<br /> [ 1135.950969] Workqueue: 0x0 (nvme-wq)<br /> [ 1135.954673] RIP: 0010:__list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1135.961041] Code: c7 c7 98 68 72 94 e8 26 45 fe ff 0f 0b 48 c7 c7 70 68 72 94 e8 18 45 fe ff 0f 0b 48 89 fe 48 c7 c7 80 69 72 94 e8 07 45 fe ff 0b 48 89 d1 48 c7 c7 a0 6a 72 94 48 89 c2 e8 f3 44 fe ff 0f 0b<br /> [ 1135.979788] RSP: 0018:ff579b19482d3e50 EFLAGS: 00010046<br /> [ 1135.985015] RAX: 0000000000000033 RBX: ff2d24c8093f31f0 RCX: 0000000000000000<br /> [ 1135.992148] RDX: 0000000000000000 RSI: ff2d24d6bfa1d0c0 RDI: ff2d24d6bfa1d0c0<br /> [ 1135.999278] RBP: ff2d24c8093f31f8 R08: 0000000000000000 R09: ffffffff951e2b08<br /> [ 1136.006413] R10: ffffffff95122ac8 R11: 0000000000000003 R12: ff2d24c78697c100<br /> [ 1136.013546] R13: fffffffffffffff8 R14: 0000000000000000 R15: ff2d24c78697c0c0<br /> [ 1136.020677] FS: 0000000000000000(0000) GS:ff2d24d6bfa00000(0000) knlGS:0000000000000000<br /> [ 1136.028765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 1136.034510] CR2: 00007fd207f90b80 CR3: 000000163ea22003 CR4: 0000000000f73ef0<br /> [ 1136.041641] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [ 1136.048776] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400<br /> [ 1136.055910] PKRU: 55555554<br /> [ 1136.058623] Call Trace:<br /> [ 1136.061074] <br /> [ 1136.063179] ? show_trace_log_lvl+0x1b0/0x2f0<br /> [ 1136.067540] ? show_trace_log_lvl+0x1b0/0x2f0<br /> [ 1136.071898] ? move_linked_works+0x4a/0xa0<br /> [ 1136.075998] ? __list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1136.081744] ? __die_body.cold+0x8/0x12<br /> [ 1136.085584] ? die+0x2e/0x50<br /> [ 1136.088469] ? do_trap+0xca/0x110<br /> [ 1136.091789] ? do_error_trap+0x65/0x80<br /> [ 1136.095543] ? __list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1136.101289] ? exc_invalid_op+0x50/0x70<br /> [ 1136.105127] ? __list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1136.110874] ? asm_exc_invalid_op+0x1a/0x20<br /> [ 1136.115059] ? __list_del_entry_valid_or_report.cold+0xf/0x6f<br /> [ 1136.120806] move_linked_works+0x4a/0xa0<br /> [ 1136.124733] worker_thread+0x216/0x3a0<br /> [ 1136.128485] ? __pfx_worker_thread+0x10/0x10<br /> [ 1136.132758] kthread+0xfa/0x240<br /> [ 1136.135904] ? __pfx_kthread+0x10/0x10<br /> [ 1136.139657] ret_from_fork+0x31/0x50<br /> [ 1136.143236] ? __pfx_kthread+0x10/0x10<br /> [ 1136.146988] ret_from_fork_asm+0x1a/0x30<br /> [ 1136.150915]