PT-2025-25849 · Linux+7 · Linux Kernel+7
Published
2025-04-12
·
Updated
2026-05-26
·
CVE-2025-38075
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved, related to the scsi: target: iscsi component. The issue occurs when the NOPIN response timer expires on a deleted connection, potentially causing a kernel crash. This is due to the NOPIN response timer being re-started on NOPIN timer expiration. The crash may be accompanied by logs indicating a NULL pointer dereference on read. The vulnerability is resolved by stopping the NOPIN timer before stopping the NOPIN response timer.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu