CVE-2025-38075
- Source
- https://cve.org/CVERecord?id=CVE-2025-38075
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38075.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38075
- Downstream
- Related
- Published
- 2025-06-18T09:33:50.646Z
- Modified
- 2026-06-18T03:56:24.505221532Z
- Summary
- scsi: target: iscsi: Fix timeout on deleted connection
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsi: Fix timeout on deleted connection
NOPIN response timer may expire on a deleted connection and crash with such logs:
Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d
BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsitfillcxntimeouterrstats+0x5c/0xc0 [iscsitargetmod] Call Trace: iscsithandlenopinresponsetimeout+0xfc/0x120 [iscsitargetmod] calltimerfn+0x58/0x1f0 runtimer_softirq+0x740/0x860 _dosoftirq+0x16c/0x420 irqexit+0x188/0x1c0 timerinterrupt+0x184/0x410
That is because nopin response timer may be re-started on nopin timer expiration.
Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38075.json" }- References
-
- https://git.kernel.org/stable/c/019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27
- https://git.kernel.org/stable/c/2c5081439c7ab8da08427befe427f0d732ebc9f9
- https://git.kernel.org/stable/c/3e6429e3707943078240a2c0c0b3ee99ea9b0d9c
- https://git.kernel.org/stable/c/571ce6b6f5cbaf7d24af03cad592fc0e2a54de35
- https://git.kernel.org/stable/c/6815846e0c3a62116a7da9740e3a7c10edc5c7e9
- https://git.kernel.org/stable/c/7f533cc5ee4c4436cee51dc58e81dfd9c3384418
- https://git.kernel.org/stable/c/87389bff743c55b6b85282de91109391f43e0814
- https://git.kernel.org/stable/c/fe8421e853ef289e1324fcda004751c89dd9c18a
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38075.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38075
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede48354ce078c079996f89d715dfa44814b4eba01Fixed571ce6b6f5cbaf7d24af03cad592fc0e2a54de35Fixed2c5081439c7ab8da08427befe427f0d732ebc9f9Fixed019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27Fixed6815846e0c3a62116a7da9740e3a7c10edc5c7e9Fixedfe8421e853ef289e1324fcda004751c89dd9c18aFixed87389bff743c55b6b85282de91109391f43e0814Fixed3e6429e3707943078240a2c0c0b3ee99ea9b0d9cFixed7f533cc5ee4c4436cee51dc58e81dfd9c3384418
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.1.0Fixed5.4.294
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.238
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.185
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.141
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.93
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.31
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.14.9