Bug 2425039 (CVE-2025-68745) - CVE-2025-68745 kernel: Linux kernel: Denial of Service in qla2xxx SCSI driver due to improper command handling after chip reset
Summary: CVE-2025-68745 kernel: Linux kernel: Denial of Service in qla2xxx SCSI driver...
Keywords:
Status: NEW
Alias: CVE-2025-68745
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-24 13:03 UTC by OSIDB Bzimport
Modified: 2026-01-11 00:24 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-24 13:03:55 UTC 
In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Clear cmds after chip reset

Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling
and host reset handling") caused two problems:

1. Commands sent to FW, after chip reset got stuck and never freed as FW
   is not going to respond to them anymore.

2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd().  Commit 26f9ce53817a
   ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands")
   attempted to fix this, but introduced another bug under different
   circumstances when two different CPUs were racing to call
   qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in
   dma_unmap_sg_attrs().

So revert "scsi: qla2xxx: Fix missed DMA unmap for aborted commands" and
partially revert "scsi: qla2xxx: target: Fix offline port handling and
host reset handling" at __qla2x00_abort_all_cmds.
Comment 1 Alexander B 2025-12-25 06:57:22 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122416-CVE-2025-68745-69b5@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.