Primary

Context

Linux Kernel NULL Pointer Dereference Vulnerability in qla2xxx SCSI Driver

Vulnerability

A vulnerability in the Linux kernel's qla2xxx SCSI driver can lead to a system hang caused by a NULL pointer dereference. This issue arises when the I/O Control Block (IOCB) counts are out of order, preventing commands from being processed and causing the system to freeze. The vulnerability was observed in a Dell PowerEdge R6515 server running Linux kernel version 6.2.0.

Impact

Exploitation of this vulnerability causes a system hang due to a NULL pointer dereference, disrupting normal operations and potentially leading to a system crash.

Reproduction

The vulnerability can be reproduced by triggering a disconnect association in the NVMe over Fabrics (NVMe-FC) context, which can be done through the NVMe sysfs interface. This action sends a request that, due to the unsynchronized IOCB counts, results in a NULL pointer dereference, causing the system to hang.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in qla2xxx SCSI Driver

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating