5.5

CVE-2025-21957

scsi: qla1280: Fix kernel oops when debug level > 2

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla1280: Fix kernel oops when debug level > 2

A null dereference or oops exception will eventually occur when qla1280.c
driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2.  I
think its clear from the code that the intention here is sg_dma_len(s) not
length of sg_next(s) when printing the debug info.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4.292
LinuxLinux Kernel Version >= 5.5 < 5.10.236
LinuxLinux Kernel Version >= 5.11 < 5.15.180
LinuxLinux Kernel Version >= 5.16 < 6.1.132
LinuxLinux Kernel Version >= 6.2 < 6.6.84
LinuxLinux Kernel Version >= 6.7 < 6.12.20
LinuxLinux Kernel Version >= 6.13 < 6.13.8
LinuxLinux Kernel Version6.14 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/24602e2664c515a4f2950d7b52c3d5997463418c
Patch
https://git.kernel.org/stable/c/5233e3235dec3065ccc632729675575dbe3c6b8a
Patch
https://git.kernel.org/stable/c/7ac2473e727d67a38266b2b7e55c752402ab588c
Patch
https://git.kernel.org/stable/c/af71ba921d08c241a817010f96458dc5e5e26762
Patch
https://git.kernel.org/stable/c/ea371d1cdefb0951c7127a33bcd7eb931cf44571
Patch
https://git.kernel.org/stable/c/11a8dac1177a596648a020a7f3708257a2f95fee
Patch
https://git.kernel.org/stable/c/afa27b7c17a48e01546ccaad0ab017ad0496a522
Patch
https://git.kernel.org/stable/c/c737e2a5fb7f90b96a96121da1b50a9c74ae9b8c
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html