CVE-2025-68745
Unknown Unknown - Not Provided
Race Condition and Command Hang in Linux qla2xxx SCSI Driver

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Clear cmds after chip reset Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore. 2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced another bug under different circumstances when two different CPUs were racing to call qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in dma_unmap_sg_attrs(). So revert "scsi: qla2xxx: Fix missed DMA unmap for aborted commands" and partially revert "scsi: qla2xxx: target: Fix offline port handling and host reset handling" at __qla2x00_abort_all_cmds.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68745
EUVD
EUVD-2025-205217
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's scsi qla2xxx driver where commands sent to firmware after a chip reset get stuck and are never freed because the firmware no longer responds to them. Additionally, attempts to fix this issue introduced a race condition between CPUs that could cause a bug during DMA unmapping of aborted commands. The fix involved reverting problematic commits to properly clear commands after a chip reset and avoid these bugs.

Impact Analysis

The vulnerability can cause commands to become stuck and never freed after a chip reset, potentially leading to resource leaks or system instability. The race condition in DMA unmapping could cause kernel bugs or crashes under certain CPU concurrency scenarios, impacting system reliability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68745. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart