Linux Kernel Vulnerability in SCSI Target Implementation
CVE-2025-38399

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
25 July 2025

What is CVE-2025-38399?

A vulnerability exists in the Linux kernel's SCSI target subsystem, specifically within the function core_scsi3_decode_spec_i_port(). This issue arises during error handling when the function calls core_scsi3_lunacl_undepend_item() with a potentially NULL pointer, dest_se_deve. If this pointer is not set, it can lead to a NULL pointer dereference, ultimately causing kernel panic or destabilization of the system. Implementing a NULL check before invoking this function is essential to prevent exploitation and ensure system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039 < 70ddb8133fdb512d4b1f2b4fd1c9e518514f182c

Linux f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039 < 1129e0e0a833acf90429e0f13951068d5f026e4f

Linux f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039 < 1627dda4d70ceb1ba62af2e401af73c09abb1eb5

References

https://git.kernel.org/stable/c/70ddb8133fdb512d4b1f2b4fd...
https://git.kernel.org/stable/c/1129e0e0a833acf90429e0f13...
https://git.kernel.org/stable/c/1627dda4d70ceb1ba62af2e40...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.