AZL-73087

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73087.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-73087

Upstream

CVE-2025-68745

Published

2025-12-24T13:16:29Z

Modified

2026-04-01T05:22:36.055716Z

Summary

CVE-2025-68745 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Clear cmds after chip reset

Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems:

Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore.
BUGON(cmd->sgmapped) in qltfreecmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced another bug under different circumstances when two different CPUs were racing to call qltunmapsg() at the same time: BUGON(!validdmadirection(dir)) in dmaunmapsgattrs().

So revert "scsi: qla2xxx: Fix missed DMA unmap for aborted commands" and partially revert "scsi: qla2xxx: target: Fix offline port handling and host reset handling" at _qla2x00abortallcmds.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-68745

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73087.json"