SB2025090487 - NULL pointer dereference in Linux kernel scsi lpfc driver
Published: September 4, 2025
Security Bulletin ID
SB2025090487
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38695)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli4_vport_delete_fcp_xri_aborted() function in drivers/scsi/lpfc/lpfc_scsi.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/46a0602c24d7d425dd8e00c749cd64a934aac7ec
- https://git.kernel.org/stable/c/571617f171f723b05f02d154a2e549a17eab4935
- https://git.kernel.org/stable/c/5e25ee1ecec91c61a8acf938ad338399cad464de
- https://git.kernel.org/stable/c/6698796282e828733cde3329c887b4ae9e5545e9
- https://git.kernel.org/stable/c/6711ce7e9de4eb1a541ef30638df1294ea4267f8
- https://git.kernel.org/stable/c/74bdf54a847dab209d2a8f65852f59b7fa156175
- https://git.kernel.org/stable/c/7925dd68807cc8fd755b04ca99e7e6f1c04392e8
- https://git.kernel.org/stable/c/add68606a01dcccf18837a53e85b85caf0693b4b
- https://git.kernel.org/stable/c/d3f55f46bb37a8ec73bfe3cfe36e3ecfa2945dfa