CVE-2025-38075
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-12-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-18
Last Modified
2025-12-17
Generated
2026-05-07
AI Q&A
2025-06-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38075
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 3.1 (inc) to 5.4.294 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.238 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.185 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.141 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.93 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.31 (exc)
linux linux_kernel From 6.13 (inc) to 6.14.9 (exc)
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's iSCSI target implementation where a NOPIN response timer may expire on a deleted connection, leading to a kernel crash due to a NULL pointer dereference. Specifically, the timer may be restarted improperly after expiration, causing the kernel to attempt to access invalid memory and crash. The fix involves stopping the NOPIN timer before stopping the NOPIN response timer to prevent the timer from being restarted on a deleted connection.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when the NOPIN response timer expires on a deleted iSCSI connection. Such a crash can lead to system instability, downtime, and potential loss of availability for services relying on the affected system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kernel logs for specific error messages related to the iscsi target module. Look for logs indicating a NOPIN response timer expiration on a deleted connection and kernel NULL pointer dereference crashes. For example, check for messages like: 'Did not receive response to NOPIN on CID' and 'BUG: Kernel NULL pointer dereference'. You can use the command 'dmesg | grep -i iscsi' or 'journalctl -k | grep -i iscsi' to find such logs.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the nopin timer is stopped before stopping the nopin response timer to prevent the timer from being restarted on expiration. Practically, this means applying the patch or update that fixes the iscsi target module to handle timer stopping correctly. Until the fix is applied, monitor for the described kernel crashes and consider disabling or limiting iscsi target usage if feasible.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart