CVE-2025-38075

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38075

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38075.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38075

Downstream

BELL-CVE-2025-38075

DEBIAN-CVE-2025-38075

DSA-5973-1

ECHO-983f-b4a1-3fe6

OESA-2025-1878

OESA-2025-1879

OESA-2025-1880

SUSE-SU-2025:03301-1

UBUNTU-CVE-2025-38075

USN-7704-1

USN-7704-2

USN-7704-3

USN-7704-4

USN-7704-5

USN-7711-1

USN-7712-1

USN-7712-2

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

Related

SUSE-SU-2025:03301-1

Published

2025-06-18T10:15:40Z

Modified

2025-08-12T21:01:39Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix timeout on deleted connection

NOPIN response timer may expire on a deleted connection and crash with such logs:

Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d

BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsitfillcxntimeouterrstats+0x5c/0xc0 [iscsitargetmod] Call Trace: iscsithandlenopinresponsetimeout+0xfc/0x120 [iscsitargetmod] calltimerfn+0x58/0x1f0 runtimersoftirq+0x740/0x860 _dosoftirq+0x16c/0x420 irqexit+0x188/0x1c0 timer_interrupt+0x184/0x410

That is because nopin response timer may be re-started on nopin timer expiration.

Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.

References

Affected packages