CVE-2025-38075

Updated: 2025-12-28 03:41:18.414756

Description:

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Released CLSA-2026:1767864313 2026-01-08 16:45:21
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Needs Triage 2025-12-28 08:01:32
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Needs Triage 2025-12-28 08:01:30
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Needs Triage 2025-12-28 08:01:28
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Needs Triage 2025-12-28 08:01:33
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Needs Triage 2025-12-28 08:01:35
Oracle Linux 7 ELS kernel 3.10.0 5.5 MEDIUM Needs Triage 2025-12-28 08:01:34
Oracle Linux 7 ELS kernel-uek 5.4.17 5.5 MEDIUM Released CLSA-2025:1757963029 2025-09-16 11:20:06
RHEL 7 ELS kernel 3.10.0 5.5 MEDIUM Needs Triage 2025-12-28 08:01:37
TuxCare 9.6 ESU kernel 5.14.0 5.5 MEDIUM Released CLSA-2025:1766488019 2025-12-23 19:39:52
Total: 14