CVE-2025-40134 — dm: fix NULL pointer dereference in __dm_suspend()

EPSS 0.06% · P18

Affected Version Matrix (18 rows)

| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 < 9dc43ea6a20ff83fe9a5fe4be47ae0fbf2409b98 | affected |
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 < 30f95b7eda5966b81cb221bd569c0f095a068cf6 | affected |
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 < a0e54bd8d7ea79127fe9920df3ae36f85e79ac7c | affected |
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 < a802901b75e13cc306f1b7ab0f062135c8034e9e | affected |
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 < 846cafc4725ca727d94f9c4b5f789c1a7c8fb6fe | affected |
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 < 19ca4528666990be376ac3eb6fe667b03db5324d | affected |
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 < 331c2dd8ca8bad1a3ac10cce847ffb76158eece4 | affected |
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 < 8d33a030c566e1f105cd5bf27f37940b6367f3be | affected |
… +10 more rows

I. Basic Information for CVE-2025-40134

Vulnerability Information


Vulnerability Title
dm: fix NULL pointer dereference in __dm_suspend()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

dm: fix NULL pointer dereference in __dm_suspend()

There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes:

    BUG: kernel NULL pointer dereference, address: 0000000000000054
    Oops: 0000 [#1] PREEMPT SMP PTI
    CPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014
    RIP: 0010:blk_mq_wait_quiesce_done+0x0/0x50
    Call Trace:
     <TASK>
     blk_mq_quiesce_queue+0x2c/0x50
     dm_stop_queue+0xd/0x20
     __dm_suspend+0x130/0x330
     dm_suspend+0x11a/0x180
     dev_suspend+0x27e/0x560
     ctl_ioctl+0x4cf/0x850
     dm_ctl_ioctl+0xd/0x20
     vfs_ioctl+0x1d/0x50
     __se_sys_ioctl+0x9b/0xc0
     __x64_sys_ioctl+0x19/0x30
     x64_sys_call+0x2c4a/0x4620
     do_syscall_64+0x9e/0x1b0

The issue can be triggered as below:

    T1                                      T2
    dm_suspend                              table_load
    __dm_suspend                            dm_setup_md_queue
                                            dm_mq_init_request_queue
                                            blk_mq_init_allocated_queue
                                            => q->mq_ops = set->ops; (1)
    dm_stop_queue / dm_wait_for_completion
    => q->tag_set NULL pointer! (2)
                                            => q->tag_set = set; (3)

Fix this by checking if a valid table (map) exists before performing request-based suspend and waiting for target I/O. When map is NULL, skip these table-dependent suspend steps.

Even when map is NULL, no I/O can reach any target because there is no table loaded; I/O submitted in this state will fail early in the DM layer. Skipping the table-dependent suspend logic in this case is safe and avoids NULL pointer dereferences.
Source: NVD (National Vulnerability Database)
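A userspace C model of the interleaving and the guard described above, added here as an illustration and not the kernel's code. The struct and function names (`table_load_partial`, `stop_queue`, `dm_suspend_model`, `race_outcome`) are hypothetical, and it assumes the pre-fix suspend path treats the device as request-based as soon as `q->mq_ops` is set, as the ordering of steps (1) to (3) implies.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel objects named in the description. */
struct tag_set { unsigned int flags; };
struct queue { const void *mq_ops; struct tag_set *tag_set; };
struct mapped_device { struct queue q; void *map; /* live table; NULL until bound */ };

enum { SUSPEND_NULL_DEREF = -1, SUSPEND_SKIPPED = 0, SUSPEND_QUIESCED = 1 };

/* T2: table load, stopped after `steps` of its two queue-init stores. */
static void table_load_partial(struct mapped_device *md, struct tag_set *set, int steps)
{
    static const int ops = 0;             /* placeholder for set->ops */
    if (steps >= 1) md->q.mq_ops = &ops;  /* (1) q->mq_ops = set->ops */
    if (steps >= 2) md->q.tag_set = set;  /* (3) q->tag_set = set */
}

/* Quiesce stand-in: the kernel reads through q->tag_set at this point (2). */
static int stop_queue(const struct queue *q)
{
    if (q->tag_set == NULL)
        return SUSPEND_NULL_DEREF;        /* where the real kernel oopses */
    (void)q->tag_set->flags;
    return SUSPEND_QUIESCED;
}

/* T1: pre-fix gates only on mq_ops (assumption); the fix also requires a map. */
static int dm_suspend_model(const struct mapped_device *md, int patched)
{
    if (patched && md->map == NULL)
        return SUSPEND_SKIPPED;           /* no table: skip table-dependent steps */
    return md->q.mq_ops ? stop_queue(&md->q) : SUSPEND_SKIPPED;
}

/* Run T1 after T2 has done `steps` stores; no table is bound, so map is NULL. */
static int race_outcome(int steps, int patched)
{
    struct tag_set set = { 0 };
    struct mapped_device md = { { NULL, NULL }, NULL };
    table_load_partial(&md, &set, steps);
    return dm_suspend_model(&md, patched);
}

int main(void)
{
    for (int s = 0; s <= 2; s++)
        printf("steps=%d unpatched=%d patched=%d\n", s, race_outcome(s, 0), race_outcome(s, 1));
    return 0;
}
```

Only the `steps == 1` interleaving, with T1 running between stores (1) and (3), reaches the NULL `tag_set` in the unpatched path; the guarded path skips the queue entirely while `map` is NULL.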
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
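The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). A security vulnerability exists in the Linux kernel. It stems from a race condition between dm device suspend and table load, which may lead to a NULL pointer dereference.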
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Linux | Linux | c4576aed8d85d808cd6443bda58393d525207d01 ~ 9dc43ea6a20ff83fe9a5fe4be47ae0fbf2409b98 | - |
| Linux | Linux | 5.0 | - |

II. Public POCs for CVE-2025-40134


No public POC found.


III. Intelligence Information for CVE-2025-40134


Same Patch Batch · Linux · 2025-11-12 · 96 CVEs total

CVE-2025-40176 tls: wait for pending async decryptions if tls_strp_msg_hold fails
CVE-2025-40172 accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()
CVE-2025-40169 bpf: Reject negative offsets for ALU ops
CVE-2025-40166 drm/xe/guc: Check GuC running state before deregistering exec queue
CVE-2025-40167 ext4: detect invalid INLINE_DATA + EXTENTS flag combination
CVE-2025-40164 usbnet: Fix using smp_processor_id() in preemptible code warnings
CVE-2025-40162 ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails
CVE-2025-40163 sched/deadline: Stop dl_server before CPU goes offline
CVE-2025-40165 media: nxp: imx8-isi: m2m: Fix streaming cleanup on release
CVE-2025-40175 idpf: cleanup remaining SKBs in PTP flows
CVE-2025-40174 x86/mm: Fix SMP ordering in switch_mm_irqs_off()
CVE-2025-40173 net/ip6_tunnel: Prevent perpetual tunnel growth
CVE-2025-40177 accel/qaic: Fix bootlog initialization ordering
CVE-2025-40178 pid: Add a judgment for ns null in pid_nr_ns
CVE-2025-40179 ext4: verify orphan file size is not too big
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
CVE-2025-40181 x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP
CVE-2025-40183 bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
CVE-2025-40182 crypto: skcipher - Fix reqsize handling
CVE-2025-40184 KVM: arm64: Fix debug checking for np-guests using huge mappings

Showing top 20 of 96 CVEs.
