Acknowledged
Created: Jun 19, 2025
Updated: Jun 20, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]scsi: target: iscsi: Fix timeout on deleted connection[EOL][EOL]NOPIN response timer may expire on a deleted connection and crash with[EOL]such logs:[EOL][EOL]Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d[EOL][EOL]BUG: Kernel NULL pointer dereference on read at 0x00000000[EOL]NIP strlcpy+0x8/0xb0[EOL]LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod][EOL]Call Trace:[EOL] iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod][EOL] call_timer_fn+0x58/0x1f0[EOL] run_timer_softirq+0x740/0x860[EOL] __do_softirq+0x16c/0x420[EOL] irq_exit+0x188/0x1c0[EOL] timer_interrupt+0x184/0x410[EOL][EOL]That is because nopin response timer may be re-started on nopin timer[EOL]expiration.[EOL][EOL]Stop nopin timer before stopping the nopin response timer to be sure[EOL]that no one of them will be re-started.
CREATE(Triage):(User=lchen-cn) [CVE-2025-38075 (https://nvd.nist.gov/vuln/detail/CVE-2025-38075)
