PT-2025-35968 · Linux+6 · Linux Kernel+6

Published

2025-06-18

·

Updated

2026-04-20

·

CVE-2025-38695

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the lpfc (Low-Level Fibre Channel) driver. A null pointer dereference may occur during the cleanup of the lpfc vport structure if lpfc sli4 read rev() fails during the lpfc sli4 hba setup() function. This can happen before the hardware queues (hdwq) are allocated, leading to a potential crash when attempting to access a null pointer within the abts io buf list lock for the first hardware queue. The issue is addressed by adding a null pointer check for phba->sli4 hba.hdwq and returning early if the check fails, indicating an error during port initialization.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

AZL-66818
AZL-73926
BDU:2025-15759
CVE-2025-38695
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-2E79-57C4-786E
MGASA-2025-0234
MGASA-2025-0235
OESA-2025-2349
OESA-2025-2350
OESA-2025-2351
OESA-2025-2352
OESA-2025-2353
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4189-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
Lpfc