SB2025090866 - NULL pointer dereference in Linux kernel scsi qla4xxx driver
Published: September 8, 2025
Security Bulletin ID
SB2025090866
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-39676)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla4xxx_get_ep_fwdb() function in drivers/scsi/qla4xxx/ql4_os.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/325bf7d57c4e2a341e381c5805e454fb69dd78c3
- https://git.kernel.org/stable/c/46288d12d1c30d08fbeffd05abc079f57a43a2d4
- https://git.kernel.org/stable/c/9dcf111dd3e7ed5fce82bb108e3a3fc001c07225
- https://git.kernel.org/stable/c/ad8a9d38d30c691a77c456e72b78f7932d4f234d
- https://git.kernel.org/stable/c/d0225f41ee70611ca88ccb22c8542ecdfa7faea8
- https://git.kernel.org/stable/c/f1424c830d6ce840341aac33fe99c8ac45447ac1
- https://git.kernel.org/stable/c/f4bc3cdfe95115191e24592bbfc15f1d4a705a75
- https://git.kernel.org/stable/c/f5ad0819f902b4b33591791b92a0350fb3692a6b