VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2025-68745

CVE-2025-68745

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Clear cmds after chip reset

Commit aefed3e5548f ("scsi: qla2xxx: target: Fix offline port handling and host reset handling") caused two problems:

1. Commands sent to FW, after chip reset got stuck and never freed as FW is not going to respond to them anymore.

2. BUG_ON(cmd->sg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a ("scsi: qla2xxx: Fix missed DMA unmap for aborted commands") attempted to fix this, but introduced another bug under different circumstances when two different CPUs were racing to call qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in dma_unmap_sg_attrs().

So revert "scsi: qla2xxx: Fix missed DMA unmap for aborted commands" and partially revert "scsi: qla2xxx: target: Fix offline port handling and host reset handling" at __qla2x00_abort_all_cmds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Race condition in qla2xxx driver after chip reset can cause commands stuck or DMA unmapping errors, leading to kernel crash.

Vulnerability

Description

The vulnerability is a race condition in the qla2xxx SCSI driver of the Linux kernel. After a chip reset, commands sent to the firmware become stuck and never freed, causing resource leaks. Additionally, a prior fix introduced a race condition in DMA unmapping, where two CPUs calling qlt_unmap_sg() concurrently could trigger a BUG_ON due to invalid DMA direction.

Attack

Vector and Prerequisites

The vulnerability can be triggered under specific conditions involving a chip reset followed by concurrent command handling. No authentication or network access is required; it can be exploited locally by an unprivileged attacker to cause a denial of service.

Impact

An attacker could cause a kernel panic (BUG_ON) or resource exhaustion, leading to system instability or denial of service. The issue has been addressed by reverting the problematic commit and partially reverting another to properly clear commands after chip reset.

Mitigation

The fix has been applied to the Linux kernel stable tree (see commit [1]). Users should update to the latest kernel version to mitigate this vulnerability.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.