5.5

CVE-2025-38399

scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()

The function core_scsi3_decode_spec_i_port(), in its error code path,
unconditionally calls core_scsi3_lunacl_undepend_item() passing the
dest_se_deve pointer, which may be NULL.

This can lead to a NULL pointer dereference if dest_se_deve remains
unset.

SPC-3 PR SPEC_I_PT: Unable to locate dest_tpg
Unable to handle kernel paging request at virtual address dfff800000000012
Call trace:
  core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)
  core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]
  core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]
  target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]

Fix this by adding a NULL check before calling
core_scsi3_lunacl_undepend_item()
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.9 < 5.10.240
LinuxLinux Kernel Version >= 5.11 < 5.15.187
LinuxLinux Kernel Version >= 5.16 < 6.1.144
LinuxLinux Kernel Version >= 6.2 < 6.6.97
LinuxLinux Kernel Version >= 6.7 < 6.12.37
LinuxLinux Kernel Version >= 6.13 < 6.15.6
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.052
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/1129e0e0a833acf90429e0f13951068d5f026e4f
Patch
https://git.kernel.org/stable/c/1627dda4d70ceb1ba62af2e401af73c09abb1eb5
Patch
https://git.kernel.org/stable/c/55dfffc5e94730370b08de02c0cf3b7c951bbe9e
Patch
https://git.kernel.org/stable/c/70ddb8133fdb512d4b1f2b4fd1c9e518514f182c
Patch
https://git.kernel.org/stable/c/7296c938df2445f342be456a6ff0b3931d97f4e5
Patch
https://git.kernel.org/stable/c/c412185d557578d3f936537ed639c4ffaaed4075
Patch
https://git.kernel.org/stable/c/d8ab68bdb294b09a761e967dad374f2965e1913f
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory