VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Apr 15, 2026

CVE-2025-40146

CVE-2025-40146

Description

In the Linux kernel, the following vulnerability has been resolved:

blk-mq: fix potential deadlock while nr_requests grown

Allocate and free sched_tags while queue is freezed can deadlock[1], this is a long term problem, hence allocate memory before freezing queue and free memory after queue is unfreezed.

[1] https://lore.kernel.org/all/0659ea8d-a463-47c8-9180-43c719e106eb@linux.ibm.com/

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Potential deadlock in blk-mq when growing nr_requests is fixed by reordering memory allocation and queue freeze.

The vulnerability is a potential deadlock in the Linux kernel's block multi-queue (blk-mq) subsystem. The issue occurs when the nr_requests parameter is grown while the queue is frozen. The original code allocated and freed sched_tags during the frozen state, which could lead to a deadlock due to the locking order.

Exploitation of this deadlock requires the ability to trigger a resize of nr_requests on a blk-mq queue. This action is performed by writing to a sysfs file, which typically requires root privileges. The deadlock condition manifests when the queue is already frozen for another operation.

An attacker with local root access could cause a denial of service by inducing a deadlock that hangs the kernel, affecting all block devices using the multi-queue interface. The fix ensures that memory allocation happens before freezing the queue and freeing memory after unfreezing.

The vulnerability is addressed in the Linux kernel stable commit referenced [1]. Users should apply the kernel patch to prevent the deadlock.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

2
8d26acf84771
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b86433721f46
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.