A subtle ordering bug in the Linux kernel's NVMe over Fibre Channel (nvme‑fc) driver has been assigned CVE‑2025‑40261 and fixed by a small but critical change: ensure the work item used to report I/O errors (->ioerr_work) is cancelled only after the controller's transport association is fully...
