
CVE-2025-38700

In the Linux kernel, the following vulnerability has been resolved:

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated

In case of an ib_fast_reg_mr allocation failure during iSER setup, the
machine hits a panic because iscsi_conn->dd_data is initialized
unconditionally, even when no memory is allocated (dd_size == 0).  This
leads to an invalid pointer dereference during connection teardown.

Fix by setting iscsi_conn->dd_data only if memory is actually allocated.

Panic trace:
------------
 iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12
 iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers
 BUG: unable to handle page fault for address: fffffffffffffff8
 RIP: 0010:swake_up_locked.part.5+0xa/0x40
 Call Trace:
  complete+0x31/0x40
  iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]
  iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]
  iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]
  iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]
  ? netlink_lookup+0x12f/0x1b0
  ? netlink_deliver_tap+0x2c/0x200
  netlink_unicast+0x1ab/0x280
  netlink_sendmsg+0x257/0x4f0
  ? _copy_from_user+0x29/0x60
  sock_sendmsg+0x5f/0x70
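
The pattern the description names, as an added user-space C model (not the kernel's libiscsi code and not part of the original commit): `struct conn`, `conn_setup`, the `guarded` switch and the NULL-only check in teardown are assumptions made for illustration. It shows that with `dd_size == 0` an unconditional assignment leaves a non-NULL `dd_data` pointing past the allocation, so a teardown path that only tests for NULL will use it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only; struct conn and these helpers are hypothetical. */
struct conn {
    int id;
    void *dd_data;              /* driver-private area; NULL when none exists */
};

/* Allocate a conn followed by dd_size bytes of driver data.
 * guarded == 0: pre-fix behaviour, dd_data is always set.
 * guarded == 1: fixed behaviour, dd_data is set only if dd_size != 0. */
static struct conn *conn_setup(size_t dd_size, int guarded)
{
    struct conn *c = calloc(1, sizeof(*c) + dd_size);
    if (!c)
        return NULL;
    if (!guarded || dd_size)
        c->dd_data = (char *)c + sizeof(*c);
    return c;
}

/* Assumed teardown logic: the only test it can make is "is dd_data NULL?". */
static int teardown_would_deref(const struct conn *c)
{
    return c->dd_data != NULL;
}

/* 1 if dd_data points at memory that belongs to this allocation. */
static int dd_data_in_bounds(const struct conn *c, size_t dd_size)
{
    uintptr_t p = (uintptr_t)c->dd_data, base = (uintptr_t)c;
    return p >= base && p < base + sizeof(*c) + dd_size;
}

int main(void)
{
    size_t sizes[] = { 0, 64 };
    for (int g = 0; g <= 1; g++)
        for (int i = 0; i < 2; i++) {
            struct conn *c = conn_setup(sizes[i], g);
            if (!c)
                return 1;
            printf("guarded=%d dd_size=%zu deref=%d in_bounds=%d\n", g, sizes[i],
                   teardown_would_deref(c), dd_data_in_bounds(c, sizes[i]));
            free(c);
        }
    return 0;
}
```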

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected

| Version < | Version | Status |
|---|---|---|
| f53af99f441ee79599d8df6113a7144d74cf9153 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 9ea6d961566c7d762ed0204b06db05756fdda3b6 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| fd5aad080edb501ab5c84b7623d612d0e3033403 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| a145c269dc5380c063a20a0db7e6df2995962e9d | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 66a373f50b4249d57f5a88c7be9676f9d5884865 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 35782c32528d82aa21f84cb5ceb2abd3526a8159 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| a33d42b7fc24fe03f239fbb0880dd5b4b4b97c19 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 2b242ea14386a510010eabfbfc3ce81a101f3802 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |
| 3ea3a256ed81f95ab0f3281a0e234b01a9cae605 | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version <= | Version | Status |
|---|---|---|
| 5.4.* | 5.4.297 | unaffected |
| 5.10.* | 5.10.241 | unaffected |
| 5.15.* | 5.15.190 | unaffected |
| 6.1.* | 6.1.149 | unaffected |
| 6.6.* | 6.6.103 | unaffected |
| 6.12.* | 6.12.43 | unaffected |
| 6.15.* | 6.15.11 | unaffected |
| 6.16.* | 6.16.2 | unaffected |
| * | 6.17-rc1 | unaffected |

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.143 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|