CVE-2025-22083

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the handling of multiple calls to vhost scsi set endpoint in the Linux kernel. This can lead to several problems, including a use-after-free bug when no tpgs are found, a tpg dir removal hang due to refcount dropping to -1, and a tpg leak because the target name is overwritten when vhost scsi set endpoint is called multiple times with different target names. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve the issue, it is recommended to prevent vhost scsi set endpoint from being called if it's already successfully added tpgs. To add, remove, or change the tpg config or target name, you must do a vhost scsi clear endpoint first. As a temporary workaround, consider restricting the use of the vhost scsi set endpoint function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.