Volerion logoVolerion
Volerion logoVolerion

Linux Kernel SCSI UFS Command Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of SCSI commands over the UFS protocol can lead to improper command management. The issue arises because the function 'ufshcd_queuecommand' may be invoked twice consecutively for the same SCSI command before it is fully processed. This vulnerability affects the Linux kernel stable tree.

Impact

This vulnerability can cause SCSI commands to be mishandled, potentially leading to command timeouts and associated warning messages. Such mismanagement could disrupt normal SCSI operations and error handling processes.

Reproduction

The vulnerability can be reproduced by sending a SCSI command over the UFS protocol and then immediately sending another command before the first one is completed. This will trigger the 'ufshcd_queuecommand' function to process the commands incorrectly, leading to the vulnerability.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.

Added: Oct 1, 2025, 1:46 PM
Updated: Oct 1, 2025, 1:46 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.0
exploitability
4.3
remediation
7.7
relevance
0.6
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.