Linux Kernel Vulnerability in SCSI Interface Affects Multiple Distributions
CVE-2025-38700

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-38700?

A vulnerability exists in the Linux kernel's SCSI subsystem, specifically in the initialization of iscsi_conn->dd_data. If a memory allocation for ib_fast_reg_mr fails during iSER setup, it leads to a system panic due to an uninitialized pointer dereference. This flaw occurs because iscsi_conn->dd_data is set regardless of memory allocation, resulting in potential crashes when terminating connections. The issue has been rectified by ensuring that iscsi_conn->dd_data is assigned only after a successful memory allocation.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9ea6d961566c7d762ed0204b06db05756fdda3b6

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/f53af99f441ee79599d8df611...

https://git.kernel.org/stable/c/9ea6d961566c7d762ed0204b0...

https://git.kernel.org/stable/c/fd5aad080edb501ab5c84b762...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Apr 16, 2025