Acknowledged
Created: Dec 10, 2025
Updated: Dec 12, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]nvmet-fc: avoid scheduling association deletion twice[EOL][EOL]When forcefully shutting down a port via the configfs interface,[EOL]nvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and[EOL]then nvmet_disable_port(). Both functions will eventually schedule all[EOL]remaining associations for deletion.[EOL][EOL]The current implementation checks whether an association is about to be[EOL]removed, but only after the work item has already been scheduled. As a[EOL]result, it is possible for the first scheduled work item to free all[EOL]resources, and then for the same work item to be scheduled again for[EOL]deletion.[EOL][EOL]Because the association list is an RCU list, it is not possible to take[EOL]a lock and remove the list entry directly, so it cannot be looked up[EOL]again. Instead, a flag (terminating) must be used to determine whether[EOL]the association is already in the process of being deleted.
