Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated

In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized unconditionally, even when no memory is allocated (dd_size == 0). This leads to an invalid pointer dereference during connection teardown.

Fix by setting iscsi_conn->dd_data only if memory is actually allocated.

Panic trace:
------------
    iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12
    iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers
    BUG: unable to handle page fault for address: fffffffffffffff8
    RIP: 0010:swake_up_locked.part.5+0xa/0x40
    Call Trace:
    complete+0x31/0x40
    iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]
    iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]
    iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]
    iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]
    ? netlink_lookup+0x12f/0x1b0
    ? netlink_deliver_tap+0x2c/0x200
    netlink_unicast+0x1ab/0x280
    netlink_sendmsg+0x257/0x4f0
    ? _copy_from_user+0x29/0x60
    sock_sendmsg+0x5f/0x70
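The pattern described above, as an added userspace model in C (not the kernel's code or the upstream patch): a connection object is allocated with `dd_size` trailing bytes of driver data, and `dd_data` is either set unconditionally or only when `dd_size` is non-zero. All `model_*` names are hypothetical, and the teardown check assumes the driver treats any non-NULL `dd_data` as valid.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the connection object; not the kernel struct. */
struct model_conn {
    void *dd_data;   /* driver-private area, or NULL when none was allocated */
    int   id;
};

/* Allocate the connection plus dd_size bytes of driver-private data.
 * guard == 0 models the behaviour before the fix (dd_data always set),
 * guard == 1 models the fix (dd_data set only when dd_size != 0). */
struct model_conn *model_conn_setup(size_t dd_size, int guard)
{
    char *mem = calloc(1, sizeof(struct model_conn) + dd_size);
    struct model_conn *conn = (struct model_conn *)mem;

    if (!conn)
        return NULL;
    if (!guard || dd_size)
        conn->dd_data = mem + sizeof(*conn);   /* first byte after the struct */
    return conn;                               /* calloc left dd_data NULL otherwise */
}

/* Assumed teardown logic: a non-NULL dd_data is taken as valid driver data.
 * Returns 1 when teardown would go on to dereference it. */
int model_teardown_would_touch(const struct model_conn *conn)
{
    return conn->dd_data != NULL;
}

/* Returns 1 only when dd_data points inside the bytes that were allocated. */
int model_dd_data_in_bounds(const struct model_conn *conn, size_t dd_size)
{
    const char *base = (const char *)conn;
    const char *p = conn->dd_data;

    return p != NULL && p >= base && p < base + sizeof(*conn) + dd_size;
}

int main(void)
{
    struct model_conn *c = model_conn_setup(0, 0);   /* pre-fix, dd_size == 0 */

    printf("touch=%d in_bounds=%d\n", model_teardown_would_touch(c),
           model_dd_data_in_bounds(c, 0));
    free(c);
    return 0;
}
```

With `dd_size == 0` the unguarded variant leaves `dd_data` pointing one byte past the allocation, so a teardown path that only checks for NULL proceeds on memory it does not own; the guarded variant leaves it NULL and teardown skips the driver data.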

PUBLISHED Reserved 2025-04-16 | Published 2025-09-04 | Updated 2025-09-29 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before f53af99f441ee79599d8df6113a7144d74cf9153
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 9ea6d961566c7d762ed0204b06db05756fdda3b6
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before fd5aad080edb501ab5c84b7623d612d0e3033403
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a145c269dc5380c063a20a0db7e6df2995962e9d
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 66a373f50b4249d57f5a88c7be9676f9d5884865
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 35782c32528d82aa21f84cb5ceb2abd3526a8159
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a33d42b7fc24fe03f239fbb0880dd5b4b4b97c19
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 2b242ea14386a510010eabfbfc3ce81a101f3802
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 3ea3a256ed81f95ab0f3281a0e234b01a9cae605
affected

Default status
affected

5.4.297 (semver)
unaffected

5.10.241 (semver)
unaffected

5.15.190 (semver)
unaffected

6.1.149 (semver)
unaffected

6.6.103 (semver)
unaffected

6.12.43 (semver)
unaffected

6.15.11 (semver)
unaffected

6.16.2 (semver)
unaffected

6.17 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/f53af99f441ee79599d8df6113a7144d74cf9153

git.kernel.org/...c/9ea6d961566c7d762ed0204b06db05756fdda3b6

git.kernel.org/...c/fd5aad080edb501ab5c84b7623d612d0e3033403

git.kernel.org/...c/a145c269dc5380c063a20a0db7e6df2995962e9d

git.kernel.org/...c/66a373f50b4249d57f5a88c7be9676f9d5884865

git.kernel.org/...c/35782c32528d82aa21f84cb5ceb2abd3526a8159

git.kernel.org/...c/a33d42b7fc24fe03f239fbb0880dd5b4b4b97c19

git.kernel.org/...c/2b242ea14386a510010eabfbfc3ce81a101f3802

git.kernel.org/...c/3ea3a256ed81f95ab0f3281a0e234b01a9cae605

cve.org (CVE-2025-38700)

nvd.nist.gov (CVE-2025-38700)