CVE-2025-68371

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: smartpqi: Fix device resources accessed after device removal

Correct possible race conditions during device removal.

Previously, a scheduled work item to reset a LUN could still execute after the device was removed, leading to use-after-free and other resource access issues.

This race condition occurs because the abort handler may schedule a LUN reset concurrently with device removal via sdev_destroy(), leading to use-after-free and improper access to freed resources.

  • Check in the device reset handler if the device is still present in the controller's SCSI device list before running; if not, the reset is skipped.

  • Cancel any pending TMF work that has not started in sdev_destroy().

  • Ensure device freeing in sdev_destroy() is done while holding the LUN reset mutex to avoid races with ongoing resets.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2d80f4054f7f901b8ad97358a9069616ac8524c7 < 7dfa5a5516ec3c6b9b6c22ee18f0eb2df3f38ef2affected
LinuxLinux2d80f4054f7f901b8ad97358a9069616ac8524c7 < 6d2390653d82cad0e1ba2676e536dd99678f6ef1affected
LinuxLinux2d80f4054f7f901b8ad97358a9069616ac8524c7 < eccc02ba1747501d92bb2049e3ce378ba372f641affected
LinuxLinux2d80f4054f7f901b8ad97358a9069616ac8524c7 < 4e1acf1b6dd6dd0495bda139daafd7a403ae2dc1affected
LinuxLinux2d80f4054f7f901b8ad97358a9069616ac8524c7 < 1a5c5a2f88e839af5320216a02ffb075b668596aaffected
LinuxLinux2d80f4054f7f901b8ad97358a9069616ac8524c7 < b518e86d1a70a88f6592a7c396cf1b93493d1aabaffected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.1.160 <= 6.1.*unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.12.63 <= 6.12.*unaffected
LinuxLinux6.17.13 <= 6.17.*unaffected
LinuxLinux6.18.2 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References