CVE-2025-38399
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-25

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passing the dest_se_deve pointer, which may be NULL. This can lead to a NULL pointer dereference if dest_se_deve remains unset. SPC-3 PR SPEC_I_PT: Unable to locate dest_tpg Unable to handle kernel paging request at virtual address dfff800000000012 Call trace: core_scsi3_lunacl_undepend_item+0x2c/0xf0 [target_core_mod] (P) core_scsi3_decode_spec_i_port+0x120c/0x1c30 [target_core_mod] core_scsi3_emulate_pro_register+0x6b8/0xcd8 [target_core_mod] target_scsi3_emulate_pr_out+0x56c/0x840 [target_core_mod] Fix this by adding a NULL check before calling core_scsi3_lunacl_undepend_item()
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-25
Last Modified
2025-11-03
Generated
2026-05-06
AI Q&A
2025-07-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38399
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a NULL pointer dereference in the Linux kernel's SCSI target code. Specifically, the function core_scsi3_decode_spec_i_port() calls core_scsi3_lunacl_undepend_item() with a pointer that may be NULL, leading to a potential crash or kernel panic when the pointer is dereferenced without a NULL check.


How can this vulnerability impact me? :

The impact of this vulnerability is that it can cause the Linux kernel to crash or become unstable due to a NULL pointer dereference, potentially leading to denial of service or system downtime.


What immediate steps should I take to mitigate this vulnerability?

Apply the patch or update to the Linux kernel version that includes the fix for the NULL pointer dereference in core_scsi3_decode_spec_i_port() by adding a NULL check before calling core_scsi3_lunacl_undepend_item().


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart