CVE-2025-40219: Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

Severity: 7.8 HIGH (OSV)
OSV 5.5, OSV 3.2
No vector
EPSS: 0.1% (top 79.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 4; Latest update Apr 13

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI/IOV: Fix race between SR-IOV enable/disable and hotplug

Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV") tried to fix a race between the VF removal inside sriov_del_vfs() and concurrent hot unplug by taking the PCI rescan/remove lock in sriov_del_vfs(). Similarly the PCI rescan/remove lock was also taken in sriov_add_vfs() to protect addition of VFs. This approach however cause

Affected Packages (6 packages)

Linux  linux/linux_kernel  5.0.0  5.4.301  +6
Debian  linux/linux_kernel  < 6.19.6-1
Ubuntu  linux/linux_kernel  < 5.15.0-170.180  +2
CVEListV5  linux/linux  18f9e9d150fccfa747875df6f0a9f606740762b3  3cddde484471c602bea04e6f384819d336a1ff84  +8

🔴 Vulnerability Details (28)

OSV: linux-raspi vulnerabilities (2026-04-01)
OSV: linux-raspi, linux-raspi-realtime vulnerabilities (2026-04-01)
OSV: linux-azure-6.8 vulnerabilities (2026-03-25)
OSV: linux-azure vulnerabilities (2026-03-25)
OSV: linux-aws-6.8 vulnerabilities (2026-03-23)

📋 Vendor Advisories (27)

Ubuntu: Linux kernel (Azure) vulnerabilities (2026-04-13)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2026-04-09)
Ubuntu: Linux kernel (Azure FIPS) vulnerabilities (2026-04-09)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-04-01)
Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2026-04-01)

💬 Community (1)

Bugzilla: CVE-2025-40219 kernel: Linux kernel: Denial of Service due to race condition in SR-IOV device management (2025-12-04)