2348606 – (CVE-2025-21723) CVE-2025-21723 kernel: scsi: mpi3mr: Fix possible crash when setting up bsg fails

Bug 2348606 (CVE-2025-21723) - CVE-2025-21723 kernel: scsi: mpi3mr: Fix possible crash when setting up bsg fails

Summary: CVE-2025-21723 kernel: scsi: mpi3mr: Fix possible crash when setting up bsg f...

Keywords:
Status:	NEW
Alias:	CVE-2025-21723
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-27 03:04 UTC by OSIDB Bzimport
Modified:	2025-03-17 19:55 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-27 03:04:54 UTC

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Fix possible crash when setting up bsg fails

If bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.
Consequently, in mpi3mr_bsg_exit(), the condition "if(!mrioc->bsg_queue)"
will not be satisfied, preventing execution from entering
bsg_remove_queue(), which could lead to the following crash:

BUG: kernel NULL pointer dereference, address: 000000000000041c
Call Trace:
  <TASK>
  mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]
  mpi3mr_remove+0x6f/0x340 [mpi3mr]
  pci_device_remove+0x3f/0xb0
  device_release_driver_internal+0x19d/0x220
  unbind_store+0xa4/0xb0
  kernfs_fop_write_iter+0x11f/0x200
  vfs_write+0x1fc/0x3e0
  ksys_write+0x67/0xe0
  do_syscall_64+0x38/0x80
  entry_SYSCALL_64_after_hwframe+0x78/0xe2

Comment 1 Michal Findra 2025-02-27 18:58:10 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2025-21723-9f05@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.