SB2025090483 - NULL pointer dereference in Linux kernel scsi driver
Published: September 4, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38700)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the iscsi_conn_setup() function in drivers/scsi/libiscsi.c. A local user can trigger it to perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2b242ea14386a510010eabfbfc3ce81a101f3802
- https://git.kernel.org/stable/c/35782c32528d82aa21f84cb5ceb2abd3526a8159
- https://git.kernel.org/stable/c/3ea3a256ed81f95ab0f3281a0e234b01a9cae605
- https://git.kernel.org/stable/c/66a373f50b4249d57f5a88c7be9676f9d5884865
- https://git.kernel.org/stable/c/9ea6d961566c7d762ed0204b06db05756fdda3b6
- https://git.kernel.org/stable/c/a145c269dc5380c063a20a0db7e6df2995962e9d
- https://git.kernel.org/stable/c/a33d42b7fc24fe03f239fbb0880dd5b4b4b97c19
- https://git.kernel.org/stable/c/f53af99f441ee79599d8df6113a7144d74cf9153
- https://git.kernel.org/stable/c/fd5aad080edb501ab5c84b7623d612d0e3033403