CVE-2025-21957 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think its clear from the code that the intention here is sg_dma_len(s) not length of sg_next(s) when printing the debug info.

Reserved 2024-12-29 | Published 2025-04-01 | Updated 2025-05-04 | Assigner Linux

Product status

Default status

unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before afa27b7c17a48e01546ccaad0ab017ad0496a522

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 11a8dac1177a596648a020a7f3708257a2f95fee

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before c737e2a5fb7f90b96a96121da1b50a9c74ae9b8c

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 24602e2664c515a4f2950d7b52c3d5997463418c

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before ea371d1cdefb0951c7127a33bcd7eb931cf44571

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before af71ba921d08c241a817010f96458dc5e5e26762

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7ac2473e727d67a38266b2b7e55c752402ab588c

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 5233e3235dec3065ccc632729675575dbe3c6b8a

affected

Default status

affected

5.4.292

unaffected

5.10.236

unaffected

5.15.180

unaffected

6.1.132

unaffected

6.6.84

unaffected

6.12.20

unaffected

6.13.8

unaffected

6.14

unaffected

References

git.kernel.org/...c/afa27b7c17a48e01546ccaad0ab017ad0496a522

git.kernel.org/...c/11a8dac1177a596648a020a7f3708257a2f95fee

git.kernel.org/...c/c737e2a5fb7f90b96a96121da1b50a9c74ae9b8c

git.kernel.org/...c/24602e2664c515a4f2950d7b52c3d5997463418c

git.kernel.org/...c/ea371d1cdefb0951c7127a33bcd7eb931cf44571

git.kernel.org/...c/af71ba921d08c241a817010f96458dc5e5e26762

git.kernel.org/...c/7ac2473e727d67a38266b2b7e55c752402ab588c

git.kernel.org/...c/5233e3235dec3065ccc632729675575dbe3c6b8a

cve.org (CVE-2025-21957)

nvd.nist.gov (CVE-2025-21957)

Download JSON