CVE-2025-68229

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()

If the allocation of tl_hba->sh fails in tcm_loop_driver_probe() and we attempt to dereference it in tcm_loop_tpg_address_show() we will get a segfault, see below for an example. So, check tl_hba->sh before dereferencing it.

Unable to allocate struct scsi_host BUG: kernel NULL pointer dereference, address: 0000000000000194 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 8356 Comm: tokio-runtime-w Not tainted 6.6.104.2-4.azl3 #1 Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/28/2024 RIP: 0010:tcm_loop_tpg_address_show+0x2e/0x50 [tcm_loop] … Call Trace: <TASK> configfs_read_iter+0x12d/0x1d0 [configfs] vfs_read+0x1b5/0x300 ksys_read+0x6f/0xf0 …

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef < 63f511d3855f7f4b35dd63dbc58fc3d935a81268affected
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef < 3d8c517f6eb27e47b1a198e05f8023038329b40baffected
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef < f449a1edd7a13bb025aaf9342ea6f8bf92684bbfaffected
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef < 1c9ba455b5073253ceaadae4859546e38e8261feaffected
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef < a6ef60898ddaf1414592ce3e5b0d94276d631663affected
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef < 72e8831079266749a7023618a0de2f289a9dced6affected
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef < 13aff3b8a7184281b134698704d6c06863a8361baffected
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef < e6965188f84a7883e6a0d3448e86b0cf29b24dfcaffected
LinuxLinux4.5affected
LinuxLinux0 < 4.5unaffected
LinuxLinux5.4.302 <= 5.4.*unaffected
LinuxLinux5.10.247 <= 5.10.*unaffected
LinuxLinux5.15.197 <= 5.15.*unaffected
LinuxLinux6.1.159 <= 6.1.*unaffected
LinuxLinux6.6.118 <= 6.6.*unaffected
LinuxLinux6.12.60 <= 6.12.*unaffected
LinuxLinux6.17.10 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References