CVE-2025-68371

Previously, a scheduled work item to reset a LUN could still execute after the device was removed, leading to use-after-free and other resource access issues.

This race condition occurs because the abort handler may schedule a LUN reset concurrently with device removal via sdev_destroy(), leading to use-after-free and improper access to freed resources.

Check in the device reset handler if the device is still present in the controller's SCSI device list before running; if not, the reset is skipped.
Cancel any pending TMF work that has not started in sdev_destroy().
Ensure device freeing in sdev_destroy() is done while holding the LUN reset mutex to avoid races with ongoing resets.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68371.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2d80f4054f7f901b8ad97358a9069616ac8524c7

Fixed

7dfa5a5516ec3c6b9b6c22ee18f0eb2df3f38ef2

Fixed

6d2390653d82cad0e1ba2676e536dd99678f6ef1

Fixed

eccc02ba1747501d92bb2049e3ce378ba372f641

Fixed

4e1acf1b6dd6dd0495bda139daafd7a403ae2dc1

Fixed

1a5c5a2f88e839af5320216a02ffb075b668596a

Fixed

b518e86d1a70a88f6592a7c396cf1b93493d1aab

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68371.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.1.160

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.120

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.63

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.17.13

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.18.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68371.json"