CVE-2025-21957

About this tag
CVE-2025-21957 is a Linux kernel vulnerability in the qla1280 SCSI driver that can cause a denial-of-service via a null-pointer dereference. The issue only triggers when the driver is built with debugging enabled and the debug level exceeds 2. A targeted upstream patch has been released to fix the null dereference. Discussions on WindowsForum cover the technical details of the vulnerability, the affected driver code, and the patch that prevents the kernel oops. This tag is relevant for Linux system administrators and security professionals tracking kernel CVEs, particularly those managing systems with QLogic 12xx-series SCSI or Fibre Channel devices.
  1. CVE-2025-21957 Upstream Debug Patch Prevents NULL Dereference in qla1280 Linux Driver

    A small, targeted fix landed upstream this spring to close CVE-2025-21957 — a null‑dereference in the Linux SCSI qla1280 driver that can trigger a kernel oops (and therefore a denial-of-service) when the driver is built with its debugging path enabled and the runtime debug level exceeds 2...