CVE-2025-38695
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-11-03
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.10.244 |
| linux | linux_kernel | 6.1.153 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's SCSI lpfc driver occurs when a failure in the lpfc_sli4_hba_setup() function leads to a cleanup routine being called before hardware queues (hdwq) are allocated. This causes a null pointer dereference when the code attempts to lock a list related to the first hardware queue. The issue is fixed by adding a null pointer check to prevent this dereference during port initialization errors.
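The failure path described in this answer, as an added example that is not from the original page or the kernel source: a user-space C model in which setup can fail before the hardware-queue array exists, and cleanup checks for NULL before locking the first queue's list. All struct and function names (`hba_setup`, `hba_add_buf`, `hba_cleanup`, `struct hw_queue`) are hypothetical, and the `locked` flag stands in for a spinlock.

```c
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not the lpfc driver's. */
struct io_buf { struct io_buf *next; };
struct hw_queue {
    int locked;            /* stands in for the per-queue list lock */
    struct io_buf *bufs;   /* buffers parked on this queue's list */
};
struct hba {
    struct hw_queue *hdwq; /* stays NULL until setup allocates the queues */
};

/* Setup: fail_early models an error raised before queue allocation. */
int hba_setup(struct hba *h, unsigned int nq, int fail_early)
{
    h->hdwq = NULL;
    if (fail_early || nq == 0)
        return -1;
    h->hdwq = calloc(nq, sizeof(*h->hdwq));
    return h->hdwq ? 0 : -1;
}

/* Park one buffer on the first hardware queue's list; returns 0 on success. */
int hba_add_buf(struct hba *h)
{
    struct io_buf *b = h->hdwq ? malloc(sizeof(*b)) : NULL;
    if (!b)
        return -1;
    b->next = h->hdwq[0].bufs;
    h->hdwq[0].bufs = b;
    return 0;
}

/* Error-path cleanup: returns buffers freed, or -1 when no queues exist. */
int hba_cleanup(struct hba *h)
{
    int freed = 0;
    if (!h->hdwq)          /* the guard; without it the lock below hits NULL */
        return -1;
    struct hw_queue *q = &h->hdwq[0];
    q->locked = 1;         /* first access through hdwq: the faulting step */
    for (struct io_buf *b; (b = q->bufs) != NULL; freed++) {
        q->bufs = b->next;
        free(b);
    }
    q->locked = 0;
    free(h->hdwq);
    h->hdwq = NULL;
    return freed;
}
```

Calling `hba_cleanup()` after a failed `hba_setup()` is the sequence the answer describes; with the guard in place it returns early instead of touching the unallocated queue.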
How can this vulnerability impact me?
The vulnerability can cause a null pointer dereference in the Linux kernel, which may lead to system instability or crashes during SCSI device initialization or cleanup. This could result in denial of service or unexpected behavior in systems using the affected driver.