CVE-2025-38075

scsi: target: iscsi: Fix timeout on deleted connection

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/571ce6b6f5cbaf7d24af03cad592fc0e2a54de35
https://git.kernel.org/stable/c/2c5081439c7ab8da08427befe427f0d732ebc9f9
https://git.kernel.org/stable/c/019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27
https://git.kernel.org/stable/c/6815846e0c3a62116a7da9740e3a7c10edc5c7e9
https://git.kernel.org/stable/c/fe8421e853ef289e1324fcda004751c89dd9c18a
https://git.kernel.org/stable/c/87389bff743c55b6b85282de91109391f43e0814
https://git.kernel.org/stable/c/3e6429e3707943078240a2c0c0b3ee99ea9b0d9c
https://git.kernel.org/stable/c/7f533cc5ee4c4436cee51dc58e81dfd9c3384418

Frequently Asked Questions

What is the severity of CVE-2025-38075?
CVE-2025-38075 has not yet been assigned a CVSS score.
How to fix CVE-2025-38075?
To fix CVE-2025-38075, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38075 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38075 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38075?
CVE-2025-38075 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.