SB2025111289 - Memory leak in Linux kernel nvme target driver
Published: November 12, 2025
Security Bulletin ID
SB2025111289
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2025-40171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req(), __nvmet_fc_send_ls_req(), nvmet_fc_disconnect_assoc_done() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/060ecc81240ef9d60d9485a3a5eb55a0d6e7a25c
- https://git.kernel.org/stable/c/11269c08013f4ee8b8f5edc6c56700acb34092d0
- https://git.kernel.org/stable/c/7331925c247b03b7767b8cd93cfe1b7aa2377850
- https://git.kernel.org/stable/c/7a619f8c869117ffed08365b377f66b7e1d941b4
- https://git.kernel.org/stable/c/a28112cc55013cd8cbd5d36b5115a5b851151bd9
- https://git.kernel.org/stable/c/db5a5406fb7e5337a074385c7a3e53c77f2c1bd3