CVE-2025-40343

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/12/2025
Last modified:
09/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nvmet-fc: avoid scheduling association deletion twice

When forcefully shutting down a port via the configfs interface, nvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and then nvmet_disable_port(). Both functions will eventually schedule all remaining associations for deletion.

The current implementation checks whether an association is about to be removed, but only after the work item has already been scheduled. As a result, it is possible for the first scheduled work item to free all resources, and then for the same work item to be scheduled again for deletion.

Because the association list is an RCU list, it is not possible to take a lock and remove the list entry directly, so it cannot be looked up again. Instead, a flag (terminating) must be used to determine whether the association is already in the process of being deleted.
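The ordering problem described above, modelled in userspace C as an added example (this is not the kernel's code or the upstream patch). Apart from the `terminating` flag, every name is hypothetical, and the model assumes the work item runs as soon as it is queued, so the first teardown path has already freed the association when the second path reaches it.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Userspace model. Every name except "terminating" is hypothetical. */
struct assoc {
    atomic_int terminating; /* 0 = live, 1 = deletion already claimed */
    int freed;              /* resources released by the delete work */
    int queued;             /* times the delete work was queued */
    int ran_after_free;     /* times the work ran on a freed association */
};
struct result { int queued, ran_after_free; };

/* Before: always queue; the flag is only examined once the work runs. */
static void schedule_delete_late_check(struct assoc *a)
{
    a->queued++;                                    /* queued unconditionally */
    if (a->freed) { a->ran_after_free++; return; }  /* kernel: use-after-free */
    if (atomic_exchange(&a->terminating, 1)) return;
    a->freed = 1;
}

/* After: claim the flag first; only the caller that flips 0 -> 1 queues. */
static void schedule_delete_flag_first(struct assoc *a)
{
    if (atomic_exchange(&a->terminating, 1)) return; /* already terminating */
    a->queued++;
    a->freed = 1;                                    /* single work run frees it */
}

/* Forced port shutdown: two teardown paths each visit every association. */
static struct result force_port_shutdown(void (*schedule)(struct assoc *))
{
    struct assoc list[3] = {0};            /* constructed sample data */
    struct result r = {0, 0};
    for (int pass = 0; pass < 2; pass++)   /* del_ctrls, then disable_port */
        for (int i = 0; i < 3; i++)
            schedule(&list[i]);
    for (int i = 0; i < 3; i++) {
        r.queued += list[i].queued;
        r.ran_after_free += list[i].ran_after_free;
    }
    return r;
}

int main(void)
{
    struct result b = force_port_shutdown(schedule_delete_late_check),
                  f = force_port_shutdown(schedule_delete_flag_first);
    printf("late check %d/%d, flag first %d/%d (queued/after-free)\n",
           b.queued, b.ran_after_free, f.queued, f.ran_after_free);
    return 0;
}
```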

Impact