Linux Kernel Vulnerability in iscsi Target Handling
CVE-2025-38075

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38075?

A vulnerability in the Linux kernel's iscsi target can lead to a system crash due to a timeout issue on deleted connections. Specifically, the NOPIN response timer may expire unexpectedly, causing a NULL pointer dereference. This situation arises when the nopin timer is restarted upon expiration. To prevent this, the nopin timer must be stopped before halting the nopin response timer, ensuring that neither of them is restarted improperly. Such issues have been documented in system logs and need swift remediation to maintain stability and performance.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 571ce6b6f5cbaf7d24af03cad592fc0e2a54de35

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2c5081439c7ab8da08427befe427f0d732ebc9f9

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27

References

https://git.kernel.org/stable/c/571ce6b6f5cbaf7d24af03cad...

https://git.kernel.org/stable/c/2c5081439c7ab8da08427befe...

https://git.kernel.org/stable/c/019ca2804f3fb49a7f8e56ea6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025