In the Linux kernel, the following vulnerability has been resolved:
9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN
p9_read_work() doesn't set Rworksched and doesn't do schedule_work(m->rq) if list_empty(&m->req_list).
However, if the pipe is full, we need to read more data and this used to work prior to commit aaec5a95d59615 ("pipe_read: don't wake up the writer if the pipe is still full").
p9_read_work() does p9_fd_read() -> ... -> anon_pipe_read() which (before the commit above) triggered the unnecessary wakeup. This wakeup calls p9_pollwake() which kicks p9_poll_workfn() -> p9_poll_mux(); p9_poll_mux() will notice EPOLLIN and schedule_work(&m->rq).
This no longer happens after the optimization above; change p9_fd_request() to use p9_poll_mux() instead of only checking for EPOLLOUT.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40305.json"
}