CVE-2025-68371
Published: Dec 24, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: smartpqi: Fix device resources accessed after device removal

Correct possible race conditions during device removal. Previously, a scheduled work item to reset a LUN could still execute after the device was removed, leading to use-after-free and other resource access issues.

This race condition occurs because the abort handler may schedule a LUN reset concurrently with device removal via sdev_destroy(), leading to use-after-free and improper access to freed resources.

- Check in the device reset handler if the device is still present in the controller's SCSI device list before running; if not, the reset is skipped.
- Cancel any pending TMF work that has not started in sdev_destroy().
- Ensure device freeing in sdev_destroy() is done while holding the LUN reset mutex to avoid races with ongoing resets.
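The three changes listed above, modelled in userspace C as an added example (this is not the smartpqi patch or any kernel code). All names are hypothetical, the work queue is reduced to a `pending` flag, and the run is single-threaded, so it shows the check, cancel and locking discipline rather than the race itself.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>
/* Userspace model with hypothetical names; not smartpqi driver code. */
enum reset_result { RESET_DONE, RESET_CANCELLED, RESET_SKIPPED_GONE };
struct dev { int id; int resets; };
struct tmf_work { int dev_id; bool pending; };   /* queued LUN reset */
static struct dev *dev_list[4];                  /* controller's device list */
static pthread_mutex_t lun_reset_mutex = PTHREAD_MUTEX_INITIALIZER;
static int find_dev(int id)
{
    for (int i = 0; i < 4; i++)
        if (dev_list[i] && dev_list[i]->id == id) return i;
    return -1;
}

/* Reset handler: re-check the device list before touching the device. */
static enum reset_result reset_handler(struct tmf_work *w)
{
    pthread_mutex_lock(&lun_reset_mutex);
    enum reset_result r = w->pending ? RESET_SKIPPED_GONE : RESET_CANCELLED;
    int i = w->pending ? find_dev(w->dev_id) : -1;
    if (i >= 0) {
        dev_list[i]->resets++;
        r = RESET_DONE;
    }
    pthread_mutex_unlock(&lun_reset_mutex);
    return r;
}

/* Removal: cancel work not yet started, then free under the reset mutex. */
static void destroy_dev(int i, struct tmf_work *w, bool work_started)
{
    pthread_mutex_lock(&lun_reset_mutex);
    w->pending = w->pending && work_started;     /* started work cannot be cancelled */
    free(dev_list[i]);
    dev_list[i] = NULL;
    pthread_mutex_unlock(&lun_reset_mutex);
}

/* Constructed scenario: reset queued for device 7, device removed first. */
static enum reset_result removal_then_reset(bool work_started)
{
    struct tmf_work w = { .dev_id = 7, .pending = true };
    if (!(dev_list[0] = calloc(1, sizeof(struct dev)))) abort();
    dev_list[0]->id = 7;
    destroy_dev(0, &w, work_started);
    return reset_handler(&w);
}
int main(void) { return removal_then_reset(true) != RESET_SKIPPED_GONE; }
```

Without the list check in `reset_handler()`, the `work_started` case would dereference the freed device, which is the use-after-free the description refers to.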
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 2d80f4054f7f901b8ad97358a9069616ac8524c7 - < 7dfa5a5516ec3c6b9b6c22ee18f0eb2df3f38ef2<br>affected 2d80f4054f7f901b8ad97358a9069616ac8524c7 - < 6d2390653d82cad0e1ba2676e536dd99678f6ef1<br>affected 2d80f4054f7f901b8ad97358a9069616ac8524c7 - < eccc02ba1747501d92bb2049e3ce378ba372f641<br>affected 2d80f4054f7f901b8ad97358a9069616ac8524c7 - < 4e1acf1b6dd6dd0495bda139daafd7a403ae2dc1<br>affected 2d80f4054f7f901b8ad97358a9069616ac8524c7 - < 1a5c5a2f88e839af5320216a02ffb075b668596a<br>+1 more versions |
| Linux | Linux | affected 6.0<br>unaffected 0 - < 6.0<br>unaffected 6.1.160 - <= 6.1.*<br>unaffected 6.6.120 - <= 6.6.*<br>unaffected 6.12.63 - <= 6.12.*<br>+3 more versions |