CVE-2025-68371

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description A race condition exists in the SmartPQI SCSI driver within the Linux kernel during device removal. Specifically, a scheduled work item to reset a LUN could execute after the device was removed, resulting in use-after-free and other resource access issues. This occurs because the abort handler might schedule a LUN reset concurrently with device removal, leading to improper access to freed resources. The issue is addressed by checking device presence in the controller’s SCSI device list before running the reset handler, cancelling pending TMF work, and ensuring device freeing occurs while holding the LUN reset mutex.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-73054

CVE-2025-68371

ECHO-1CF6-9797-7B69

OESA-2026-1303

OESA-2026-1304

OESA-2026-1305

OPENSUSE-SU-2026:10039-1

OPENSUSE-SU-2026:10301-1

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8152-1

USN-8179-1

USN-8179-2

USN-8179-3

USN-8179-4

USN-8184-1

USN-8185-1

USN-8185-2

USN-8203-1

USN-8204-1

USN-8258-1

USN-8260-1

USN-8261-1

USN-8265-1

Affected Products

Debian

Linux Kernel

Linuxmint

Ubuntu

CVE-2025-68371

Related Identifiers

Affected Products

References · 1427