CVE-2025-68229
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()

If the allocation of tl_hba->sh fails in tcm_loop_driver_probe() and we attempt to dereference it in tcm_loop_tpg_address_show() we will get a segfault, see below for an example. So, check tl_hba->sh before dereferencing it.

  Unable to allocate struct scsi_host
  BUG: kernel NULL pointer dereference, address: 0000000000000194
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 1 PID: 8356 Comm: tokio-runtime-w Not tainted 6.6.104.2-4.azl3 #1
  Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/28/2024
  RIP: 0010:tcm_loop_tpg_address_show+0x2e/0x50 [tcm_loop]
  ...
  Call Trace:
   <TASK>
   configfs_read_iter+0x12d/0x1d0 [configfs]
   vfs_read+0x1b5/0x300
   ksys_read+0x6f/0xf0
  ...

Meta Information
Published: 2025-12-16
Last Modified: 2025-12-18
Generated: 2026-05-07
AI Q&A: 2025-12-16
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | kernel | 6.6.104.2-4.azl3

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a NULL pointer dereference in the Linux kernel's SCSI target driver tcm_loop. Specifically, if the allocation of tl_hba->sh fails in the tcm_loop_driver_probe() function, and the code later attempts to dereference this pointer in tcm_loop_tpg_address_show(), it causes a kernel segfault (crash). The fix involves checking if tl_hba->sh is NULL before dereferencing it to prevent the crash.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to crash (kernel NULL pointer dereference leading to a segfault) when the affected code path is executed. This can result in system instability, denial of service, or unexpected reboots, impacting availability of the system or services running on it.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kernel logs for segfaults related to the tcm_loop module, specifically looking for NULL pointer dereference errors in tcm_loop_tpg_address_show(). You can use commands like 'dmesg | grep tcm_loop' or 'journalctl -k | grep tcm_loop' to check for such errors. Additionally, checking for BUG or Oops messages in the kernel logs that mention 'Unable to allocate struct scsi_host' or 'NULL pointer dereference' can help identify the issue.
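
A plain grep for tcm_loop also matches unrelated module messages, so the following added example (not part of the original page or the kernel project) classifies kernel-log text by the specific signature quoted in the description. The function name, the verdict strings, and the trimmed sample log are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify kernel-log text for the CVE-2025-68229 crash signature.
# Usage on a live host: dmesg | classify_tcm_loop_log
#                   or: journalctl -k | classify_tcm_loop_log

# Constructed sample, trimmed from the trace quoted in the description.
sample_log() {
cat <<'EOF'
Unable to allocate struct scsi_host
BUG: kernel NULL pointer dereference, address: 0000000000000194
#PF: supervisor read access in kernel mode
Oops: 0000 [#1] PREEMPT SMP NOPTI
RIP: 0010:tcm_loop_tpg_address_show+0x2e/0x50 [tcm_loop]
Call Trace:
 configfs_read_iter+0x12d/0x1d0 [configfs]
EOF
}

# Reads kernel log text on stdin and prints one verdict (hypothetical labels):
#   crash        - NULL dereference whose faulting RIP is tcm_loop_tpg_address_show()
#   alloc-failed - scsi_host allocation failure logged, no matching crash seen
#   clean        - neither signature present
classify_tcm_loop_log() {
  awk '
    # Probe-time failure that leaves tl_hba->sh unset.
    /Unable to allocate struct scsi_host/ { alloc_fail = 1 }
    # Start of a NULL-dereference report; the next RIP line names the faulting function.
    /BUG: kernel NULL pointer dereference/ { in_bug = 1; next }
    in_bug && /RIP: [0-9a-f]+:/ {
      if ($0 ~ /RIP: [0-9a-f]+:tcm_loop_tpg_address_show\+/) crash = 1
      in_bug = 0   # ignore later RIP lines (e.g. the user-space RIP) of this report
    }
    END {
      if (crash)           print "crash"
      else if (alloc_fail) print "alloc-failed"
      else                 print "clean"
    }
  '
}
```

An `alloc-failed` verdict without a crash means the precondition named in the description has occurred on that host, so it is worth alerting on before the address attribute is read.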


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where the tcm_loop module has been fixed to check tl_hba->sh before dereferencing it, thus preventing the segfault. Until an update is applied, avoid using or triggering the tcm_loop target functionality that could lead to this NULL pointer dereference. Monitoring kernel logs for related errors can also help in early detection.

