Linux Kernel qla2xxx Driver PCI Error Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's qla2xxx SCSI driver has been addressed. The issue arose from the driver prematurely accessing hardware after a recoverable PCI error. Following such an error, the driver should verify whether the error condition persists and wait for the operating system to signal a resume. This flaw could lead to missed error conditions and improper handling of PCI communications, potentially causing timeouts and failures in firmware operations.

Impact

The vulnerability could disrupt proper PCI error recovery, leading to timeouts and failures in handling firmware dumps for the affected QLogic devices.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel qla2xxx Driver PCI Error Handling Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating