Linux Kernel Vulnerability in SCSI Target Implementation
CVE-2025-38399

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38399?

A vulnerability exists in the Linux kernel's SCSI target subsystem, specifically within the function core_scsi3_decode_spec_i_port(). This issue arises during error handling when the function calls core_scsi3_lunacl_undepend_item() with a potentially NULL pointer, dest_se_deve. If this pointer is not set, it can lead to a NULL pointer dereference, ultimately causing kernel panic or destabilization of the system. Implementing a NULL check before invoking this function is essential to prevent exploitation and ensure system integrity.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 70ddb8133fdb512d4b1f2b4fd1c9e518514f182c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1129e0e0a833acf90429e0f13951068d5f026e4f

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1627dda4d70ceb1ba62af2e401af73c09abb1eb5

References

https://git.kernel.org/stable/c/70ddb8133fdb512d4b1f2b4fd...

https://git.kernel.org/stable/c/1129e0e0a833acf90429e0f13...

https://git.kernel.org/stable/c/1627dda4d70ceb1ba62af2e40...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025