#VU114823 NULL pointer dereference in Linux kernel - CVE-2025-38700
Published: September 4, 2025
Vulnerability identifier: #VU114823
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38700
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the iscsi_conn_setup() function in drivers/scsi/libiscsi.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/2b242ea14386a510010eabfbfc3ce81a101f3802
- https://git.kernel.org/stable/c/35782c32528d82aa21f84cb5ceb2abd3526a8159
- https://git.kernel.org/stable/c/3ea3a256ed81f95ab0f3281a0e234b01a9cae605
- https://git.kernel.org/stable/c/66a373f50b4249d57f5a88c7be9676f9d5884865
- https://git.kernel.org/stable/c/9ea6d961566c7d762ed0204b06db05756fdda3b6
- https://git.kernel.org/stable/c/a145c269dc5380c063a20a0db7e6df2995962e9d
- https://git.kernel.org/stable/c/a33d42b7fc24fe03f239fbb0880dd5b4b4b97c19
- https://git.kernel.org/stable/c/f53af99f441ee79599d8df6113a7144d74cf9153
- https://git.kernel.org/stable/c/fd5aad080edb501ab5c84b7623d612d0e3033403