SB2025071111 - Out-of-bounds read in Linux kernel SCSI megaraid driver
Published: July 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2025-38239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the megasas_set_high_iops_queue_affinity_and_hint() function in drivers/scsi/megaraid/megaraid_sas_base.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/074efb35552556a4b3b25eedab076d5dc24a8199
- https://git.kernel.org/stable/c/19a47c966deb36624843b7301f0373a3dc541a05
- https://git.kernel.org/stable/c/752eb816b55adb0673727ba0ed96609a17895654
- https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c22bf9897272f8a35
- https://git.kernel.org/stable/c/f1064b3532192e987ab17be7281d5fee36fd25e1