Linux Kernel SCSI MPI3MR Task Management Thread Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI MPI3MR driver has been addressed, concerning improper synchronization between the task management thread and the reset thread. While the task management thread is processing reply queues, the reset thread may reset those same queues concurrently, so the task management thread ends up using a queue ID that the reset thread has set to an invalid value. That ID refers to unallocated memory, and the access crashes the kernel. To resolve this, a new flag, 'io_admin_reset_sync', has been introduced to synchronize the reset, I/O, and admin threads. The reset handler now blocks the I/O and admin processing threads before starting a reset. If any thread has already passed that initial check, the reset thread waits up to 10 seconds for its processing to complete. If the wait exceeds 10 seconds, the controller is marked as unrecoverable.
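As an added illustration (not the driver's own code), a user-space model of the gate the fix describes: the 'io_admin_reset_sync' flag, an in-flight count standing in for the I/O and admin threads, and the bounded 10-second wait after which the controller is marked unrecoverable. Every name other than the flag is constructed for this example, and the sleep is injected so the wait can be simulated without a clock.

```c
#include <stdatomic.h>
#include <stdbool.h>
struct ctrl {
    atomic_bool io_admin_reset_sync;  /* the new flag: a reset is in progress */
    atomic_int  io_admin_in_flight;   /* IO/admin threads currently past the gate */
    bool        unrecoverable;
};
/* IO/admin gate: register first, then check the flag, so a reset that sets the
 * flag afterwards is guaranteed to see this thread in the count. */
bool io_admin_enter(struct ctrl *c)
{
    atomic_fetch_add(&c->io_admin_in_flight, 1);
    if (atomic_load(&c->io_admin_reset_sync)) {
        atomic_fetch_sub(&c->io_admin_in_flight, 1);  /* back off: reset owns the queues */
        return false;
    }
    return true;
}
void io_admin_exit(struct ctrl *c) { atomic_fetch_sub(&c->io_admin_in_flight, 1); }
/* Reset handler: block new processing, then wait up to 10 s (the bound the page
 * states) for threads that passed the gate first. sleep_1s is injected for simulation. */
bool reset_begin(struct ctrl *c, void (*sleep_1s)(struct ctrl *))
{
    atomic_store(&c->io_admin_reset_sync, true);
    for (int waited = 0; atomic_load(&c->io_admin_in_flight) != 0; waited++) {
        if (waited == 10) {
            c->unrecoverable = true;  /* a thread still references the queues */
            return false;
        }
        sleep_1s(c);
    }
    return true;                      /* queues may now be torn down safely */
}
/* Constructed scenario: one IO thread is past the gate when the reset starts and
 * exits after io_secs_left simulated seconds (<= 0: never). Returns 1 if the reset
 * proceeded, 0 if marked unrecoverable, -1 if a late IO thread slipped through. */
static int sim_io_secs_left;
static void sim_sleep_1s(struct ctrl *c) {
    if (sim_io_secs_left > 0 && --sim_io_secs_left == 0) io_admin_exit(c);
}
int simulate_reset(int io_secs_left)
{
    struct ctrl c = {0};
    sim_io_secs_left = io_secs_left;
    io_admin_enter(&c);                 /* passed the check before the reset */
    bool ok = reset_begin(&c, sim_sleep_1s);
    if (io_admin_enter(&c)) return -1;  /* a late thread must be refused */
    return ok ? 1 : (c.unrecoverable ? 0 : -1);
}
```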

Impact

Exploitation of this vulnerability can lead to a system crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         9.0
impact:         2.5
exploitability: 3.5
remediation:    0.0
relevance:      0.0
threat:         3.2
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.