Vulnerabilities > CVE-2025-21957 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think its clear from the code that the intention here is sg_dma_len(s) not length of sg_next(s) when printing the debug info.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/11a8dac1177a596648a020a7f3708257a2f95fee
- https://git.kernel.org/stable/c/24602e2664c515a4f2950d7b52c3d5997463418c
- https://git.kernel.org/stable/c/5233e3235dec3065ccc632729675575dbe3c6b8a
- https://git.kernel.org/stable/c/7ac2473e727d67a38266b2b7e55c752402ab588c
- https://git.kernel.org/stable/c/af71ba921d08c241a817010f96458dc5e5e26762
- https://git.kernel.org/stable/c/afa27b7c17a48e01546ccaad0ab017ad0496a522
- https://git.kernel.org/stable/c/c737e2a5fb7f90b96a96121da1b50a9c74ae9b8c
- https://git.kernel.org/stable/c/ea371d1cdefb0951c7127a33bcd7eb931cf44571