Linux Kernel SCSI Warning Log Ratelimit Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been addressed in the Linux kernel's SCSI subsystem for the storvsc driver. This issue arose because persistent errors from the hypervisor could flood the kernel log with SCSI warnings about failed I/O. This log flooding could max out CPU utilization, hindering troubleshooting efforts from the virtual machine side. The vulnerability has been mitigated by implementing a ratelimit on the warning logs, preventing them from overwhelming the VM.

Impact

Excessive SCSI warning logs could flood the kernel log, maxing out CPU utilization and causing a denial-of-service condition on the virtual machine.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI Warning Log Ratelimit Denial-of-Service Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating