Linux Kernel SCSI qla2xxx Stale SRB Access Vulnerability Leading to Crash

Vulnerability

A vulnerability in the Linux kernel's SCSI qla2xxx driver can cause a system crash by allowing stale SCSI Request Blocks (SRBs) to be accessed during I/O timeouts. This issue arises because the driver fails to properly return SRBs when escalating I/O timeout errors, leading to a kernel paging request failure. The crash stack indicates that the issue occurs while processing response queues, where the driver attempts to access pending SRB data that has become invalid due to a timeout.

Impact

Exploitation of this vulnerability leads to a kernel crash, causing a denial of service by interrupting normal system operations and potentially requiring a manual reboot to restore functionality.

Added: Jun 18, 2025, 5:25 PM
Updated: Jun 18, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.