| Reporter | Title | Published | Views | Family All 202 |
|---|---|---|---|---|
| Astra Linux – Vulnerability in Linux 6.12 | 13 Jan 202614:01 | – | astralinux | |
| The vulnerability of the `nvme_fc_delete_association()` function in the `drivers/nvme/host/fc.c` file of the NVMe over Fibre Channel driver for the Linux operating system allows a attacker to cause a service failure. | 16 Dec 202500:00 | – | bdu_fstec | |
| CVE-2025-40261 affecting package kernel for versions less than 6.6.119.3-1 | 12 Jan 202621:27 | – | cbl_mariner | |
| CVE-2025-40261 | 4 Dec 202518:26 | – | circl | |
| Linux kernel 安全漏洞 | 4 Dec 202500:00 | – | cnnvd | |
| CVE-2025-40261 | 4 Dec 202516:08 | – | cve | |
| CVE-2025-40261 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() | 4 Dec 202516:08 | – | cvelist | |
| [SECURITY] [DLA 4404-1] linux security update | 12 Dec 202513:38 | – | debian | |
| [SECURITY] [DLA 4436-1] linux-6.1 security update | 14 Jan 202613:50 | – | debian | |
| [SECURITY] [DLA 4561-1] linux-6.1 security update | 2 May 202608:40 | – | debian |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(505411);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/17");
script_cve_id("CVE-2025-40261");
script_xref(name:"ICSA", value:"26-188-05");
script_name(english:"Siemens RUGGEDCOM RST2428P Multiple Releases of Same Resource or Handle (CVE-2025-40261)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"In the Linux kernel, the following vulnerability has been resolved:
nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
nvme_fc_delete_ctrl() nvme_fc_delete_assocation() waits for pending
I/O to complete before returning, and an error can cause ->ioerr_work
to be queued after cancel_work_sync() had been called. Move the call
to cancel_work_sync() to be after nvme_fc_delete_association() to
ensure ->ioerr_work is not running when the nvme_fc_ctrl object is
freed. Otherwise the following can occur: [ 1135.911754] list_del
corruption, ff2d24c8093f31f8->next is NULL [ 1135.917705]
------------[ cut here ]------------ [ 1135.922336] kernel BUG at
lib/list_debug.c:52! [ 1135.926784] Oops: invalid opcode: 0000 [#1]
SMP NOPTI [ 1135.931851] CPU: 48 UID: 0 PID: 726 Comm:
kworker/u449:23 Kdump: loaded Not tainted 6.12.0 #1 PREEMPT(voluntary)
[ 1135.943490] Hardware name: Dell Inc. PowerEdge R660/0HGTK9, BIOS
2.5.4 01/16/2025 [ 1135.950969] Workqueue: 0x0 (nvme-wq) [
1135.954673] RIP: 0010:__list_del_entry_valid_or_report.cold+0xf/0x6f
[ 1135.961041] Code: c7 c7 98 68 72 94 e8 26 45 fe ff 0f 0b 48 c7 c7
70 68 72 94 e8 18 45 fe ff 0f 0b 48 89 fe 48 c7 c7 80 69 72 94 e8 07
45 fe ff <0f> 0b 48 89 d1 48 c7 c7 a0 6a 72 94 48 89 c2 e8 f3 44 fe ff
0f 0b [ 1135.979788] RSP: 0018:ff579b19482d3e50 EFLAGS: 00010046 [
1135.985015] RAX: 0000000000000033 RBX: ff2d24c8093f31f0 RCX:
0000000000000000 [ 1135.992148] RDX: 0000000000000000 RSI:
ff2d24d6bfa1d0c0 RDI: ff2d24d6bfa1d0c0 [ 1135.999278] RBP:
ff2d24c8093f31f8 R08: 0000000000000000 R09: ffffffff951e2b08 [
1136.006413] R10: ffffffff95122ac8 R11: 0000000000000003 R12:
ff2d24c78697c100 [ 1136.013546] R13: fffffffffffffff8 R14:
0000000000000000 R15: ff2d24c78697c0c0 [ 1136.020677] FS:
0000000000000000(0000) GS:ff2d24d6bfa00000(0000)
knlGS:0000000000000000 [ 1136.028765] CS: 0010 DS: 0000 ES: 0000
CR0: 0000000080050033 [ 1136.034510] CR2: 00007fd207f90b80 CR3:
000000163ea22003 CR4: 0000000000f73ef0 [ 1136.041641] DR0:
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [
1136.048776] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7:
0000000000000400 [ 1136.055910] PKRU: 55555554 [ 1136.058623] Call
Trace: [ 1136.061074] <TASK> [ 1136.063179] ?
show_trace_log_lvl+0x1b0/0x2f0 [ 1136.067540] ?
show_trace_log_lvl+0x1b0/0x2f0 [ 1136.071898] ?
move_linked_works+0x4a/0xa0 [ 1136.075998] ?
__list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.081744] ?
__die_body.cold+0x8/0x12 [ 1136.085584] ? die+0x2e/0x50 [
1136.088469] ? do_trap+0xca/0x110 [ 1136.091789] ?
do_error_trap+0x65/0x80 [ 1136.095543] ?
__list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.101289] ?
exc_invalid_op+0x50/0x70 [ 1136.105127] ?
__list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.110874] ?
asm_exc_invalid_op+0x1a/0x20 [ 1136.115059] ?
__list_del_entry_valid_or_report.cold+0xf/0x6f [ 1136.120806]
move_linked_works+0x4a/0xa0 [ 1136.124733] worker_thread+0x216/0x3a0
[ 1136.128485] ? __pfx_worker_thread+0x10/0x10 [ 1136.132758]
kthread+0xfa/0x240 [ 1136.135904] ? __pfx_kthread+0x10/0x10 [
1136.139657] ret_from_fork+0x31/0x50 [ 1136.143236] ?
__pfx_kthread+0x10/0x10 [ 1136.146988] ret_from_fork_asm+0x1a/0x30
[ 1136.150915] </TASK>
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/html/ssa-253495.html");
script_set_attribute(attribute:"see_also", value:"https://support.industry.siemens.com/cs/ww/en/view/110002573/");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/ICSA-26-188-05");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-40261");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(1341);
script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/04");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:ruggedcom_rst2428p_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Siemens");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Siemens');
var asset = tenable_ot::assets::get(vendor:'Siemens');
var vuln_cpes = {
"cpe:/o:siemens:ruggedcom_rst2428p_firmware" :
{"family" : "RuggedCom", "orderNumbers" : ['6GK6242-6PA00'], "versionEndExcluding" : "4.0"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation