-

CVE-2025-38399

EPSS 0.04%
Veröffentlicht 25.07.2025 13:15:29
Zuletzt bearbeitet 25.07.2025 15:29:19
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()

The function core_scsi3_decode_spec_i_port(), in its error code path,
unconditionally calls core_scsi3_lunacl_undepend_item() passing the
dest_se_deve pointer, which may be NULL.

This can lead to a NULL pointer dereference if dest_se_deve remains
unset.

SPC-3 PR SPEC_I_PT: Unable to locate dest_tpg
Unable to handle kernel paging request at virtual address dfff800000000012
Call trace:
  core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P)
  core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod]
  core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod]
  target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod]

Fix this by adding a NULL check before calling
core_scsi3_lunacl_undepend_item()

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 70ddb8133fdb512d4b1f2b4fd1c9e518514f182c

Version f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039

Status affected

Version < 1129e0e0a833acf90429e0f13951068d5f026e4f

Version f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039

Status affected

Version < 1627dda4d70ceb1ba62af2e401af73c09abb1eb5

Version f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039

Status affected

Version < 55dfffc5e94730370b08de02c0cf3b7c951bbe9e

Version f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039

Status affected

Version < 7296c938df2445f342be456a6ff0b3931d97f4e5

Version f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039

Status affected

Version < c412185d557578d3f936537ed639c4ffaaed4075

Version f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039

Status affected

Version < d8ab68bdb294b09a761e967dad374f2965e1913f

Version f32ba612ef0f8eecaf6d2a5b04076ee7ea9ed039

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.9

Status affected

Version < 5.9

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.240

Status unaffected

Version <= 5.15.*

Version 5.15.187

Status unaffected

Version <= 6.1.*

Version 6.1.144

Status unaffected

Version <= 6.6.*

Version 6.6.97

Status unaffected

Version <= 6.12.*

Version 6.12.37

Status unaffected

Version <= 6.15.*

Version 6.15.6

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/1129e0e0a833acf90429e0f13951068d5f026e4f

https://git.kernel.org/stable/c/1627dda4d70ceb1ba62af2e401af73c09abb1eb5

https://git.kernel.org/stable/c/55dfffc5e94730370b08de02c0cf3b7c951bbe9e

https://git.kernel.org/stable/c/70ddb8133fdb512d4b1f2b4fd1c9e518514f182c

https://git.kernel.org/stable/c/7296c938df2445f342be456a6ff0b3931d97f4e5

https://git.kernel.org/stable/c/c412185d557578d3f936537ed639c4ffaaed4075

https://git.kernel.org/stable/c/d8ab68bdb294b09a761e967dad374f2965e1913f

https://nvd.nist.gov/vuln/detail/CVE-2025-38399

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38399

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38399

EUVD