CVE-2025-68745
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Clear cmds after chip reset
Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems:
Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore.
BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced another bug under different circumstances when two different CPUs were racing to call qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in dma_unmap_sg_attrs().
So revert "scsi: qla2xxx: Fix missed DMA unmap for aborted commands" and partially revert "scsi: qla2xxx: target: Fix offline port handling and host reset handling" at __qla2x00_abort_all_cmds.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | aefed3e5548f28e5fecafda6604fcbc65484dbaa < 5c1fb3fd05da3d55b8cbc42d7d660b313cbdc936 | affected |
| Linux | Linux | aefed3e5548f28e5fecafda6604fcbc65484dbaa < d46c69a087aa3d1513f7a78f871b80251ea0c1ae | affected |
| Linux | Linux | eb67b7a23d357f578578e737cb6412ae2384f352 | affected |
| Linux | Linux | ec9639d92c1e10d4bc667e842753d85e21683d5c | affected |
| Linux | Linux | e6e957f552d5b696879a31e5b0e2a9120e1ea86e | affected |
| Linux | Linux | 4.9.316 < 4.10 | affected |
| Linux | Linux | 4.14.281 < 4.15 | affected |
| Linux | Linux | 4.19.245 < 4.20 | affected |
| Linux | Linux | 5.2 | affected |
| Linux | Linux | 0 < 5.2 | unaffected |
| Linux | Linux | 6.18.2 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/5c1fb3fd05da3d55b8cbc42d7d660b313cbdc936
- https://git.kernel.org/stable/c/d46c69a087aa3d1513f7a78f871b80251ea0c1ae
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.