CVE-2025-68745
Unknown Unknown - Not Provided

Race Condition and Command Hang in Linux qla2xxx SCSI Driver

Vulnerability report for CVE-2025-68745, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Clear cmds after chip reset Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore. 2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced another bug under different circumstances when two different CPUs were racing to call qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in dma_unmap_sg_attrs(). So revert "scsi: qla2xxx: Fix missed DMA unmap for aborted commands" and partially revert "scsi: qla2xxx: target: Fix offline port handling and host reset handling" at __qla2x00_abort_all_cmds.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-07-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's scsi qla2xxx driver where commands sent to firmware after a chip reset get stuck and are never freed because the firmware no longer responds to them. Additionally, attempts to fix this issue introduced a race condition between CPUs that could cause a bug during DMA unmapping of aborted commands. The fix involved reverting problematic commits to properly clear commands after a chip reset and avoid these bugs.

Impact Analysis

The vulnerability can cause commands to become stuck and never freed after a chip reset, potentially leading to resource leaks or system instability. The race condition in DMA unmapping could cause kernel bugs or crashes under certain CPU concurrency scenarios, impacting system reliability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68745. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart