{"id":"CVE-2025-40134","summary":"dm: fix NULL pointer dereference in __dm_suspend()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix NULL pointer dereference in __dm_suspend()\n\nThere is a race condition between dm device suspend and table load that\ncan lead to null pointer dereference. The issue occurs when suspend is\ninvoked before table load completes:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000054\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\nRIP: 0010:blk_mq_wait_quiesce_done+0x0/0x50\nCall Trace:\n  \u003cTASK\u003e\n  blk_mq_quiesce_queue+0x2c/0x50\n  dm_stop_queue+0xd/0x20\n  __dm_suspend+0x130/0x330\n  dm_suspend+0x11a/0x180\n  dev_suspend+0x27e/0x560\n  ctl_ioctl+0x4cf/0x850\n  dm_ctl_ioctl+0xd/0x20\n  vfs_ioctl+0x1d/0x50\n  __se_sys_ioctl+0x9b/0xc0\n  __x64_sys_ioctl+0x19/0x30\n  x64_sys_call+0x2c4a/0x4620\n  do_syscall_64+0x9e/0x1b0\n\nThe issue can be triggered as below:\n\nT1 \t\t\t\t\t\tT2\ndm_suspend\t\t\t\t\ttable_load\n__dm_suspend\t\t\t\t\tdm_setup_md_queue\n\t\t\t\t\t\tdm_mq_init_request_queue\n\t\t\t\t\t\tblk_mq_init_allocated_queue\n\t\t\t\t\t\t=\u003e q-\u003emq_ops = set-\u003eops; (1)\ndm_stop_queue / dm_wait_for_completion\n=\u003e q-\u003etag_set NULL pointer!\t(2)\n\t\t\t\t\t\t=\u003e q-\u003etag_set = set; (3)\n\nFix this by checking if a valid table (map) exists before performing\nrequest-based suspend and waiting for target I/O. When map is NULL,\nskip these table-dependent suspend steps.\n\nEven when map is NULL, no I/O can reach any target because there is\nno table loaded; I/O submitted in this state will fail early in the\nDM layer. Skipping the table-dependent suspend logic in this case\nis safe and avoids NULL pointer dereferences.","modified":"2026-04-02T12:48:17.981066Z","published":"2025-11-12T10:23:22.771Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20012-1","SUSE-SU-2026:20015-1","SUSE-SU-2026:20021-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2025:20172-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40134.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/19ca4528666990be376ac3eb6fe667b03db5324d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/30f95b7eda5966b81cb221bd569c0f095a068cf6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/331c2dd8ca8bad1a3ac10cce847ffb76158eece4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/846cafc4725ca727d94f9c4b5f789c1a7c8fb6fe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8d33a030c566e1f105cd5bf27f37940b6367f3be"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9dc43ea6a20ff83fe9a5fe4be47ae0fbf2409b98"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a0e54bd8d7ea79127fe9920df3ae36f85e79ac7c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a802901b75e13cc306f1b7ab0f062135c8034e9e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40134.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40134"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c4576aed8d85d808cd6443bda58393d525207d01"},{"fixed":"9dc43ea6a20ff83fe9a5fe4be47ae0fbf2409b98"},{"fixed":"30f95b7eda5966b81cb221bd569c0f095a068cf6"},{"fixed":"a0e54bd8d7ea79127fe9920df3ae36f85e79ac7c"},{"fixed":"a802901b75e13cc306f1b7ab0f062135c8034e9e"},{"fixed":"846cafc4725ca727d94f9c4b5f789c1a7c8fb6fe"},{"fixed":"19ca4528666990be376ac3eb6fe667b03db5324d"},{"fixed":"331c2dd8ca8bad1a3ac10cce847ffb76158eece4"},{"fixed":"8d33a030c566e1f105cd5bf27f37940b6367f3be"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40134.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.0.0"},{"fixed":"5.4.301"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.246"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.195"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.156"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.112"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.53"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40134.json"}}],"schema_version":"1.7.5"}