CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

If there's a persistent error in the hypervisor, the SCSI warning for
failed I/O can flood the kernel log and max out CPU utilization,
preventing troubleshooting from the VM side. Ratelimit the warning so
it doesn't DoS the VM.

Classification

CVE ID: CVE-2025-21690

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.04% (scored less or equal to compared to others)

EPSS Date: 2025-03-11 (when was this score calculated)

References

https://git.kernel.org/stable/c/81d4dd05c412ba04f9f6b85b718e6da833be290c
https://git.kernel.org/stable/c/182a4b7c731e95c08cb47f14b87a272b6ab2b2da
https://git.kernel.org/stable/c/088bde862f8d3d0fc52e40e66a0484a246837087
https://git.kernel.org/stable/c/01d1ebdab9ccb73c952e1666a8a80abd194dbc55
https://git.kernel.org/stable/c/d0f0af1bafef33b3e2aa8c3a4ef44db48df9b0ea
https://git.kernel.org/stable/c/d2138eab8cde61e0e6f62d0713e45202e8457d6d

Timeline

2025-02-11 00:32:59 UTC
CVE

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
2025-03-06 09:45:27 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2025-21690