CVE-2025-37826: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()

Add a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq().

This is similar to the fix in commit 74736103fb41 ("scsi: ufs: core: Fix
ufshcd_abort_one racing issue").

Classification

CVE ID: CVE-2025-37826

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.25% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-06 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37826
https://git.kernel.org/stable/c/eeab6618037be84e438e9d6ed5d9a53502faf81f
https://git.kernel.org/stable/c/700128d67d57bb1de4251e563ab85202def36c50
https://git.kernel.org/stable/c/08a966a917fe3d92150fa3cc15793ad5e57051eb

Timeline