CVE-2025-40325 — Improper Input Validation in Linux

CWE-20 — Improper Input Validation16 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +20 more

Timeline

PublishedApr 18

Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_handle_discard should wait barrier before returning a discard bio which has REQ_NOWAIT. And there is no need to print warning calltrace if a discard bio has REQ_NOWAIT flag. Quality engineer usually checks dmesg and reports error if dmesg has warning/error calltrace.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages25 packages

▶NVDlinux/linux_kernel5.15.111 — 5.16+1

▶Debianlinux/linux_kernel< 6.12.69-1+1

▶Ubuntulinux/linux_kernel< 6.14.0-22.22

▶msrcmsrc/azl3_kernel_6.6.96.2-1_on_azure_linux_3.0

▶msrcmsrc/azl3_kernel_6.6.96.2-2_on_azure_linux_3.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-aws, linux-oracle vulnerabilities↗2025-07-08

▶

OSV

linux-azure vulnerabilities↗2025-06-26

▶

OSV

linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities↗2025-06-24

▶

GHSA

GHSA-vf7h-45fw-j88p: In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_↗2025-04-18

▶

OSV

CVE-2025-40325: In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_ha↗2025-04-18

▶

📋Vendor Advisories

Ubuntu

Linux kernel (FIPS) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (Real-time) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2026-04-17

▶

Ubuntu

Linux kernel vulnerabilities↗2026-04-16

▶

Ubuntu

Linux kernel vulnerabilities↗2025-07-08

▶

External resources

NVD MITRE

Affected products23

Debian Linuxfixed in linux 6.16.3-1 (forky)

Linux≥ c9aa889b035fca4598ae985a0f0c76ebbb547ad2, < 31ff67982c5fa39c0093b9d9f429fef91c2494b7≥ c9aa889b035fca4598ae985a0f0c76ebbb547ad2, < 31d3156efe909b53ba174861a3da880c688f5edc≥ c9aa889b035fca4598ae985a0f0c76ebbb547ad2, < 3db4404435397a345431b45f57876a3df133f3b4+2 more

Linux Kernel≥ 0, < 6.12.69-1≥ 0, < 6.16.3-1≥ 5.15.111, < 5.16+2 more

Msrc Azl3 Kernel 6.6.104.2-4 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.112.1-2 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.117.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.119.3-3 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.121.1-1 ON Azure Linux 3.0

Msrc Azl3 Kernel 6.6.126.1-1 ON Azure Linux 3.0

Disclosure

PublishedApr 18, 2025

Latest updateApr 17, 2026