Linux Kernel SCSI MPI3MR Driver Memory Corruption Vulnerability Leading to Kernel Crash

Vulnerability

A vulnerability in the Linux kernel's SCSI MPI3MR driver can cause a kernel crash due to improper memory management. When the SAS Transport Layer support is active and a device fails to respond correctly to INQUIRY commands, the driver releases the memory for an internal Host Bus Adapter (HBA) port data structure. However, some references to this freed memory are not properly cleared. If the firmware later sends a Device Info change event for the same device, the driver may access the previously freed memory, leading to memory corruption and a crash of the operating system.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to a kernel crash, disrupting system operations.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI MPI3MR Driver Memory Corruption Vulnerability Leading to Kernel Crash

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating