CVE-2025-40259 — Linux vulnerability
52 documents7 sources
Severity
7.8HIGHOSV
OSV7.2OSV3.2
No vectorEPSS
0.1%
top 79.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 4
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: sg: Do not sleep in atomic context
sg_finish_rem_req() calls blk_rq_unmap_user(). The latter function may
sleep. Hence, call sg_finish_rem_req() with interrupts enabled instead
of disabled.