CVE-2025-21957

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-21957
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21957.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21957
Downstream
Related
Published
2025-04-01T15:46:56.733Z
Modified
2026-05-15T04:12:56.885616226Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
scsi: qla1280: Fix kernel oops when debug level > 2
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla1280: Fix kernel oops when debug level > 2

A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUGQLA1280 enabled and qldebuglevel > 2. I think its clear from the code that the intention here is sgdmalen(s) not length of sgnext(s) when printing the debug info.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21957.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.24
Fixed
5.4.292
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.236
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.180
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.132
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.84
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.20
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21957.json"