🟡 Medium | Source: Microsoft Security Response Center
CVE-2025-40146 is a Linux kernel vulnerability in the block multi-queue (blk-mq) subsystem, where a deadlock condition can occur when the number of requests (nr_requests) is increased. This affects Azure Linux-based virtual machines and container workloads running vulnerable kernel versions. A deadlock in the storage I/O layer can cause system hangs or denial of service, impacting availability of cloud workloads.
Security Architect’s Take: Review Azure Linux VM and AKS node pool kernel versions to confirm whether the patched kernel is deployed. Prioritise patching or reimaging nodes running affected kernel builds, particularly those hosting storage-intensive or high-throughput workloads, as a triggered deadlock could cause full I/O subsystem unavailability.
Original advisory: CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
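
For the kernel-version review recommended above, this added example (not part of the advisory or any Microsoft tooling) flags nodes whose kernel sorts below the fixed build for the same kernel series. The function names, node names and version strings are constructed, and the threshold shown is a placeholder: substitute the patched build published for your kernel series.

```shell
#!/bin/sh
# Added example (not from the advisory): flag nodes whose kernel is older than
# the fixed build for the same major.minor series. Needs a sort with -V (GNU).

# version_lt A B: true when A sorts strictly before B in version order.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# flag_nodes FIXED_BUILD...: reads "<node> <kernelVersion>" lines on stdin.
# Each FIXED_BUILD is the first patched kernel for one series, taken from the
# vendor advisory. Series without a supplied threshold are reported, not guessed.
flag_nodes() {
    while read -r node kernel; do
        [ -n "$kernel" ] || continue
        series=$(printf '%s' "$kernel" | cut -d. -f1,2)
        status=NO_THRESHOLD
        for fixed in "$@"; do
            if [ "$(printf '%s' "$fixed" | cut -d. -f1,2)" = "$series" ]; then
                if version_lt "$kernel" "$fixed"; then
                    status=NEEDS_PATCH
                else
                    status=OK
                fi
            fi
        done
        printf '%s %s %s\n' "$node" "$kernel" "$status"
    done
}

# Constructed sample inventory; node names and versions are illustrative only.
sample_nodes() {
    printf '%s\n' \
        'aks-pool1-vmss000000 6.6.96.2-2.azl3' \
        'aks-pool1-vmss000001 6.6.100.1-1.azl3' \
        'aks-pool2-vmss000000 5.15.180.1-1.cm2'
}

# 6.6.100.1-1.azl3 is a placeholder threshold, NOT the real fixed build.
sample_nodes | flag_nodes 6.6.100.1-1.azl3

# Live cluster (kubectl must be configured):
# kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.nodeInfo.kernelVersion}{"\n"}{end}' \
#   | flag_nodes <fixed-build-from-advisory>
```

Nodes reported as NO_THRESHOLD run a kernel series for which no fixed build was supplied, so check them against the advisory separately.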