| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061840-CVE-2025-38075-19d6@gregkh> Date: Wed, 18 Jun 2025 11:34:10 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started. The Linux kernel CVE team has assigned CVE-2025-38075 to this issue. Affected and fixed versions =========================== Fixed in 5.4.294 with commit 571ce6b6f5cbaf7d24af03cad592fc0e2a54de35 Fixed in 5.10.238 with commit 2c5081439c7ab8da08427befe427f0d732ebc9f9 Fixed in 5.15.185 with commit 019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27 Fixed in 6.1.141 with commit 6815846e0c3a62116a7da9740e3a7c10edc5c7e9 Fixed in 6.6.93 with commit fe8421e853ef289e1324fcda004751c89dd9c18a Fixed in 6.12.31 with commit 87389bff743c55b6b85282de91109391f43e0814 Fixed in 6.14.9 with commit 3e6429e3707943078240a2c0c0b3ee99ea9b0d9c Fixed in 6.15 with commit 7f533cc5ee4c4436cee51dc58e81dfd9c3384418 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38075 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/target/iscsi/iscsi_target.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/571ce6b6f5cbaf7d24af03cad592fc0e2a54de35 https://git.kernel.org/stable/c/2c5081439c7ab8da08427befe427f0d732ebc9f9 https://git.kernel.org/stable/c/019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27 https://git.kernel.org/stable/c/6815846e0c3a62116a7da9740e3a7c10edc5c7e9 https://git.kernel.org/stable/c/fe8421e853ef289e1324fcda004751c89dd9c18a https://git.kernel.org/stable/c/87389bff743c55b6b85282de91109391f43e0814 https://git.kernel.org/stable/c/3e6429e3707943078240a2c0c0b3ee99ea9b0d9c https://git.kernel.org/stable/c/7f533cc5ee4c4436cee51dc58e81dfd9c3384418
Powered by blists - more mailing lists