Linux Kernel SCSI UFS NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI UFS (Universal Flash Storage) core has been addressed by adding a NULL pointer check in the 'ufshcd_mcq_compl_pending_transfer()' function. This vulnerability could potentially lead to a NULL pointer dereference, a common programming error that can cause a system to crash or behave unexpectedly. The issue was resolved by ensuring that the hardware queue pointer returned by 'ufshcd_mcq_req_to_hwq()' is not NULL before it is used. This fix is similar to a previous correction that addressed a racing issue in the UFS abort handling.

Impact

The vulnerability could lead to a NULL pointer dereference, causing a system crash or unpredictable behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI UFS NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating