CVE-2025-68371
Use-After-Free in Linux Kernel smartpqi SCSI Device Removal
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition in the Linux kernel's SCSI smartpqi driver in which device resources could be accessed after the device was removed. Specifically, a scheduled work item to reset a Logical Unit Number (LUN) could still execute after the device was removed, leading to use-after-free and improper access to freed resources. The race arises because the abort handler may schedule a LUN reset concurrently with device removal.
How can this vulnerability impact me?
This vulnerability can lead to use-after-free errors and improper access to freed device resources, which may cause system instability, crashes, or potential security issues such as memory corruption or escalation of privileges if exploited.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the issue is fixed. The fix involves ensuring that device reset handlers check if the device is still present before executing, canceling any pending TMF work during device removal, and properly synchronizing device freeing with the LUN reset mutex to avoid race conditions. Applying the kernel patch or upgrade that includes these fixes will prevent use-after-free and resource access issues related to device removal.
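The three parts of the fix described in the last answer, as an added example that is not part of the original page and is not the smartpqi driver's code: a userspace C model in which every name (`model_dev`, `lun_reset_work`, `remove_device` and the rest) is hypothetical. It assumes the work queue can be modelled as a single pending flag and is meant to be driven sequentially, so that the "removal happens before the queued reset runs" ordering is reproducible.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model only: every name here is hypothetical, not a smartpqi symbol. */
enum { RESET_DONE = 0, RESET_DEVICE_GONE = -1, RESET_NOT_QUEUED = -2 };
struct model_dev {
    pthread_mutex_t reset_mutex; /* stands in for the LUN reset mutex */
    bool present;                /* cleared once removal has started */
    bool tmf_pending;            /* a LUN reset work item is queued */
    int *resources;              /* per-device state freed on removal */
};

static void model_dev_init(struct model_dev *d) {
    pthread_mutex_init(&d->reset_mutex, NULL);
    d->present = true;
    d->tmf_pending = false;
    d->resources = calloc(1, sizeof(int));
}

/* Abort handler path: queue a LUN reset; the work itself runs later. */
static void schedule_lun_reset(struct model_dev *d) { d->tmf_pending = true; }

/* Work item body: re-check presence under the mutex before touching resources. */
static int lun_reset_work(struct model_dev *d) {
    int rc = RESET_DEVICE_GONE;
    pthread_mutex_lock(&d->reset_mutex);
    if (d->present) {
        d->resources[0]++;       /* count one completed reset */
        rc = RESET_DONE;
    }
    pthread_mutex_unlock(&d->reset_mutex);
    return rc;
}

/* Work queue dispatch: run the work item only if it is still queued. */
static int run_pending_work(struct model_dev *d) {
    if (!d->tmf_pending) return RESET_NOT_QUEUED;
    d->tmf_pending = false;
    return lun_reset_work(d);
}

/* Removal: cancel queued work, then free while holding the reset mutex. */
static void remove_device(struct model_dev *d) {
    d->tmf_pending = false;
    pthread_mutex_lock(&d->reset_mutex);
    d->present = false;
    free(d->resources);
    d->resources = NULL;
    pthread_mutex_unlock(&d->reset_mutex);
}
```

Calling `lun_reset_work` directly after `remove_device` models a work item that had already been dequeued when removal ran; the presence check is what keeps it away from the freed pointer.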