CVE-2025-38075
Published: Jun 18, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e48354ce078c079996f89d715dfa44814b4eba01 - < 571ce6b6f5cbaf7d24af03cad592fc0e2a54de35affected e48354ce078c079996f89d715dfa44814b4eba01 - < 2c5081439c7ab8da08427befe427f0d732ebc9f9affected e48354ce078c079996f89d715dfa44814b4eba01 - < 019ca2804f3fb49a7f8e56ea6aeaa1ff32724c27affected e48354ce078c079996f89d715dfa44814b4eba01 - < 6815846e0c3a62116a7da9740e3a7c10edc5c7e9affected e48354ce078c079996f89d715dfa44814b4eba01 - < fe8421e853ef289e1324fcda004751c89dd9c18a+3 more versions |
Linux | Linux | affected 3.1unaffected 0 - < 3.1unaffected 5.4.294 - <= 5.4.*unaffected 5.10.238 - <= 5.10.*unaffected 5.15.185 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now