CVE-2025-38119
Modified Modified - Updated After Analysis
BaseFortify

Publication date: 2025-07-03

Last updated on: 2026-01-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter function can only succeed if UFSHCD_EH_IN_PROGRESS is not set because resuming involves submitting a SCSI command and ufshcd_queuecommand() returns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_EH_IN_PROGRESS is set. Fix this hang by setting UFSHCD_EH_IN_PROGRESS after ufshcd_rpm_get_sync() has been called instead of before. Backtrace: __switch_to+0x174/0x338 __schedule+0x600/0x9e4 schedule+0x7c/0xe8 schedule_timeout+0xa4/0x1c8 io_schedule_timeout+0x48/0x70 wait_for_common_io+0xa8/0x160 //waiting on START_STOP wait_for_completion_io_timeout+0x10/0x20 blk_execute_rq+0xe4/0x1e4 scsi_execute_cmd+0x108/0x244 ufshcd_set_dev_pwr_mode+0xe8/0x250 __ufshcd_wl_resume+0x94/0x354 ufshcd_wl_runtime_resume+0x3c/0x174 scsi_runtime_resume+0x64/0xa4 rpm_resume+0x15c/0xa1c __pm_runtime_resume+0x4c/0x90 // Runtime resume ongoing ufshcd_err_handler+0x1a0/0xd08 process_one_work+0x174/0x808 worker_thread+0x15c/0x490 kthread+0xf4/0x1ec ret_from_fork+0x10/0x20 [ bvanassche: rewrote patch description ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-03
Last Modified
2026-01-19
Generated
2026-05-07
AI Q&A
2025-07-03
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38119
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 3.12 (inc) to 5.15.186 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.142 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.94 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.34 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.3 (exc)
linux linux_kernel 6.16
debian debian_linux 11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a hang issue in the Linux kernel's SCSI core, specifically related to the UFS (Universal Flash Storage) driver error handler. The problem occurs because the function ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(), which can only succeed if a certain flag (UFSHCD_EH_IN_PROGRESS) is not set. However, the flag was being set before the call, causing the system to hang as it waits indefinitely. The fix involved changing the order to set the flag after the call, preventing the hang.


How can this vulnerability impact me? :

This vulnerability can cause the system to hang during error handling in the UFS storage driver, potentially leading to system unresponsiveness or degraded performance when the error handler is triggered.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart