{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40115","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.168Z","datePublished":"2025-11-12T10:23:17.283Z","dateUpdated":"2026-05-11T21:42:56.421Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:42:56.421Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix crash in transport port remove by using ioc_info()\n\nDuring mpt3sas_transport_port_remove(), messages were logged with\ndev_printk() against &mpt3sas_port->port->dev. At this point the SAS\ntransport device may already be partially unregistered or freed, leading\nto a crash when accessing its struct device.\n\nUsing ioc_info(), which logs via the PCI device (ioc->pdev->dev),\nguaranteed to remain valid until driver removal.\n\n[83428.295776] Oops: general protection fault, probably for non-canonical address 0x6f702f323a33312d: 0000 [#1] SMP NOPTI\n[83428.295785] CPU: 145 UID: 0 PID: 113296 Comm: rmmod Kdump: loaded Tainted: G           OE       6.16.0-rc1+ #1 PREEMPT(voluntary)\n[83428.295792] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[83428.295795] Hardware name: Dell Inc. Precision 7875 Tower/, BIOS 89.1.67 02/23/2024\n[83428.295799] RIP: 0010:__dev_printk+0x1f/0x70\n[83428.295805] Code: 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 49 89 d1 48 85 f6 74 52 4c 8b 46 50 4d 85 c0 74 1f 48 8b 46 68 48 85 c0 74 22 <48> 8b 08 0f b6 7f 01 48 c7 c2 db e8 42 ad 83 ef 30 e9 7b f8 ff ff\n[83428.295813] RSP: 0018:ff85aeafc3137bb0 EFLAGS: 00010206\n[83428.295817] RAX: 6f702f323a33312d RBX: ff4290ee81292860 RCX: 5000cca25103be32\n[83428.295820] RDX: ff85aeafc3137bb8 RSI: ff4290eeb1966c00 RDI: ffffffffc1560845\n[83428.295823] RBP: ff85aeafc3137c18 R08: 74726f702f303a33 R09: ff85aeafc3137bb8\n[83428.295826] R10: ff85aeafc3137b18 R11: ff4290f5bd60fe68 R12: ff4290ee81290000\n[83428.295830] R13: ff4290ee6e345de0 R14: ff4290ee81290000 R15: ff4290ee6e345e30\n[83428.295833] FS:  00007fd9472a6740(0000) GS:ff4290f5ce96b000(0000) knlGS:0000000000000000\n[83428.295837] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[83428.295840] CR2: 00007f242b4db238 CR3: 00000002372b8006 CR4: 0000000000771ef0\n[83428.295844] PKRU: 55555554\n[83428.295846] Call Trace:\n[83428.295848]  <TASK>\n[83428.295850]  _dev_printk+0x5c/0x80\n[83428.295857]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.295863]  mpt3sas_transport_port_remove+0x1c7/0x420 [mpt3sas]\n[83428.295882]  _scsih_remove_device+0x21b/0x280 [mpt3sas]\n[83428.295894]  ? _scsih_expander_node_remove+0x108/0x140 [mpt3sas]\n[83428.295906]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.295910]  mpt3sas_device_remove_by_sas_address.part.0+0x8f/0x110 [mpt3sas]\n[83428.295921]  _scsih_expander_node_remove+0x129/0x140 [mpt3sas]\n[83428.295933]  _scsih_expander_node_remove+0x6a/0x140 [mpt3sas]\n[83428.295944]  scsih_remove+0x3f0/0x4a0 [mpt3sas]\n[83428.295957]  pci_device_remove+0x3b/0xb0\n[83428.295962]  device_release_driver_internal+0x193/0x200\n[83428.295968]  driver_detach+0x44/0x90\n[83428.295971]  bus_remove_driver+0x69/0xf0\n[83428.295975]  pci_unregister_driver+0x2a/0xb0\n[83428.295979]  _mpt3sas_exit+0x1f/0x300 [mpt3sas]\n[83428.295991]  __do_sys_delete_module.constprop.0+0x174/0x310\n[83428.295997]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296000]  ? __x64_sys_getdents64+0x9a/0x110\n[83428.296005]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296009]  ? syscall_trace_enter+0xf6/0x1b0\n[83428.296014]  do_syscall_64+0x7b/0x2c0\n[83428.296019]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296023]  entry_SYSCALL_64_after_hwframe+0x76/0x7e"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/mpt3sas/mpt3sas_transport.c"],"versions":[{"version":"f92363d12359498f9a9960511de1a550f0ec41c2","lessThan":"b3a6d153861d0f29b80882470d14aafb8d687dc2","status":"affected","versionType":"git"},{"version":"f92363d12359498f9a9960511de1a550f0ec41c2","lessThan":"4e1442bae50ed633c2fe8058f47cd79b4ad88b9b","status":"affected","versionType":"git"},{"version":"f92363d12359498f9a9960511de1a550f0ec41c2","lessThan":"a89253eb4e648deace48a4e38996afd182eb95e3","status":"affected","versionType":"git"},{"version":"f92363d12359498f9a9960511de1a550f0ec41c2","lessThan":"fa153fb40c61f8ca01237427c97a0b93ba32c403","status":"affected","versionType":"git"},{"version":"f92363d12359498f9a9960511de1a550f0ec41c2","lessThan":"6459dba4f35017448535a799cf699d5205eb5489","status":"affected","versionType":"git"},{"version":"f92363d12359498f9a9960511de1a550f0ec41c2","lessThan":"1fd39e14d47d9b4965dd5c9cff16e64ba3e71a62","status":"affected","versionType":"git"},{"version":"f92363d12359498f9a9960511de1a550f0ec41c2","lessThan":"970ceb1bdc3d6c2af9245d6eca38606e74fcb6b8","status":"affected","versionType":"git"},{"version":"f92363d12359498f9a9960511de1a550f0ec41c2","lessThan":"1703fe4f8ae50d1fb6449854e1fcaed1053e3a14","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/mpt3sas/mpt3sas_transport.c"],"versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","status":"unaffected","versionType":"semver"},{"version":"5.4.301","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.246","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.195","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.156","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.112","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.53","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.3","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.4.301"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.246"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.15.195"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.1.156"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.6.112"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.12.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.17.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b3a6d153861d0f29b80882470d14aafb8d687dc2"},{"url":"https://git.kernel.org/stable/c/4e1442bae50ed633c2fe8058f47cd79b4ad88b9b"},{"url":"https://git.kernel.org/stable/c/a89253eb4e648deace48a4e38996afd182eb95e3"},{"url":"https://git.kernel.org/stable/c/fa153fb40c61f8ca01237427c97a0b93ba32c403"},{"url":"https://git.kernel.org/stable/c/6459dba4f35017448535a799cf699d5205eb5489"},{"url":"https://git.kernel.org/stable/c/1fd39e14d47d9b4965dd5c9cff16e64ba3e71a62"},{"url":"https://git.kernel.org/stable/c/970ceb1bdc3d6c2af9245d6eca38606e74fcb6b8"},{"url":"https://git.kernel.org/stable/c/1703fe4f8ae50d1fb6449854e1fcaed1053e3a14"}],"title":"scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()","x_generator":{"engine":"bippy-1.2.0"}}}}