Primary

Context

Linux Kernel lpfc Driver Null Pointer Dereference Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's lpfc SCSI driver can lead to a null pointer dereference. This issue occurs in the 'lpfc_cmpl_ct_cmd_gft_id()' function when an error exit is handled. The function calls 'lpfc_nlp_put()' with a null pointer to a nodelist structure, which can cause a crash. The vulnerability has been addressed by modifying the function to properly initialize the nodelist pointer before it is used.

Impact

Exploitation of this vulnerability can cause a null pointer dereference, leading to a system crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Oct 1, 2025, 3:00 PM

Updated: Oct 1, 2025, 3:00 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel lpfc Driver Null Pointer Dereference Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating