CVE-2025-40342
Published Dec 9, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reconnect logic, because nvme_fc_create_association is not taking a lock to check the port_state and atomically increase the active count on the rport.
Is your site exposed to CVE-2025-40342?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/25f4bf1f7979a7871974fd36c79d69ff1cf4b446
https://git.kernel.org/stable/c/4253e0a4546138a2bf9cb6acf66b32fee677fc7c
https://git.kernel.org/stable/c/891cdbb162ccdb079cd5228ae43bdeebce8597ad
https://git.kernel.org/stable/c/9950af4303942081dc8c7a5fdc3688c17c7eb6c0
https://git.kernel.org/stable/c/a2f7fa75c4a2a07328fa22ccbef461db76790b55
https://git.kernel.org/stable/c/de3d91af47bc015031e7721b100a29989f6498a5
https://git.kernel.org/stable/c/e8cde03de8674b05f2c5e0870729049eba517800
Frequently Asked Questions
What is CVE-2025-40342? +
In the Linux kernel, the following vulnerability has been resolved:
nvme-fc: use lock accessing port_state and rport state
nvme_fc_unregister_remote removes the remote port on a lport object at
any point in time when there is no active association. This races with
with the reconnect logic, because nvme_fc_create_association is not
taking a lock to check the port_state and atomically increase the
active count on the rport.
How do I check if I'm vulnerable to CVE-2025-40342? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.