Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A race condition vulnerability has been identified in the Linux kernel's SCSI qla2xxx driver, which can lead to a system crash when using a debug kernel. The issue arises from a deletion process that allows sessions to be queued for removal twice, causing corruption in the linked list management of sessions. This vulnerability affects the Linux kernel stable tree.
The vulnerability can cause a system crash due to linked list corruption, disrupting the normal operation of the SCSI qla2xxx driver.
The vulnerability can be reproduced by triggering the deletion of SCSI sessions in a way that allows the same session to be queued for deletion multiple times on different CPUs. This can be done by manipulating the session management process to bypass the safeguards that prevent double queuing.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
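The double-queuing condition described above can be modelled in user space. The following is an added example, not code from the qla2xxx driver or its fix: it contrasts an unguarded deletion request with one gated by an atomic test-and-set flag, and uses a checked unlink to report the second removal instead of corrupting the list. All names (`struct session`, `schedule_del_guarded`, `pending`) are hypothetical, and two sequential calls stand in for requests arriving from two CPUs.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
/* Minimal circular doubly linked list, modelled on the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}
/* Checked unlink: reports an already-removed entry, as a debug kernel does. */
static bool list_del_checked(struct list_head *e) {
    if (!e->next || !e->prev || e->next->prev != e || e->prev->next != e)
        return false;
    e->next->prev = e->prev; e->prev->next = e->next;
    e->next = e->prev = NULL;               /* mark as unlinked */
    return true;
}
struct session {                  /* hypothetical; not the driver's structure */
    struct list_head node;        /* membership in the session list */
    atomic_flag del_scheduled;    /* set by the first deletion request only */
};
static struct session *pending[8];          /* constructed deletion queue */
static size_t npending;
static void session_init(struct session *s, struct list_head *list) {
    atomic_flag_clear(&s->del_scheduled); list_add_tail(&s->node, list);
}
/* Unguarded: each request queues the session, so two requests queue it twice. */
static bool schedule_del_unguarded(struct session *s) {
    if (npending == 8) return false;
    pending[npending++] = s; return true;
}
/* Guarded: atomic test-and-set lets exactly one requester queue the session. */
static bool schedule_del_guarded(struct session *s) {
    return !atomic_flag_test_and_set(&s->del_scheduled) && schedule_del_unguarded(s);
}
/* Drain the queue; returns how many unlinks hit an already-removed entry. */
static int run_deletions(void) {
    int bad = 0;
    for (size_t i = 0; i < npending; i++) bad += !list_del_checked(&pending[i]->node);
    npending = 0; return bad;
}
int main(void) {
    struct list_head sessions; struct session a, b;
    list_init(&sessions); session_init(&a, &sessions); session_init(&b, &sessions);
    schedule_del_unguarded(&a); schedule_del_unguarded(&a);   /* queued twice */
    int unguarded = run_deletions();
    schedule_del_guarded(&b); schedule_del_guarded(&b);       /* second refused */
    printf("unguarded=%d guarded=%d\n", unguarded, run_deletions());
    return 0;
}
```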