{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T11:15:47.783","vulnerabilities":[{"cve":{"id":"CVE-2025-37828","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-05-08T07:15:54.033","lastModified":"2025-11-14T19:44:31.663","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()\n\nA race can occur between the MCQ completion path and the abort handler:\nonce a request completes, __blk_mq_free_request() sets rq->mq_hctx to\nNULL, meaning the subsequent ufshcd_mcq_req_to_hwq() call in\nufshcd_mcq_abort() can return a NULL pointer. If this NULL pointer is\ndereferenced, the kernel will crash.\n\nAdd a NULL check for the returned hwq pointer. If hwq is NULL, log an\nerror and return FAILED, preventing a potential NULL-pointer\ndereference.  As suggested by Bart, the ufshcd_cmd_inflight() check is\nremoved.\n\nThis is similar to the fix in commit 74736103fb41 (\"scsi: ufs: core: Fix\nufshcd_abort_one racing issue\").\n\nThis is found by our static analysis tool KNighter."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: mcq: Agregar comprobación NULL en ufshcd_mcq_abort() Puede ocurrir una ejecución entre la ruta de finalización de MCQ y el controlador de aborto: una vez que se completa una solicitud, __blk_mq_free_request() establece rq->mq_hctx en NULL, lo que significa que la llamada ufshcd_mcq_req_to_hwq() posterior en ufshcd_mcq_abort() puede devolver un puntero NULL. Si se desreferencia este puntero NULL, el kernel se bloqueará. Agregue una comprobación NULL para el puntero hwq devuelto. Si hwq es NULL, registre un error y devuelva FAILED, lo que evita una posible desreferencia de puntero NULL. Como sugirió Bart, se elimina la comprobación ufshcd_cmd_inflight(). Esto es similar a la corrección en el commit 74736103fb41 (\"scsi: ufs: core: Fix ufshcd_abort_one racing issue\"). Esta corrección la encontró nuestra herramienta de análisis estático Knighter."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.89","matchCriteriaId":"A918024A-FC62-44FA-8BDE-BC07EDE32890"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.26","matchCriteriaId":"22F52099-F422-4D19-8283-45F9F9BF4392"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.14.5","matchCriteriaId":"6B25CA7E-4CD0-46DB-B4EF-13A3516071FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*","matchCriteriaId":"8D465631-2980-487A-8E65-40AE2B9F8ED1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*","matchCriteriaId":"4C9D071F-B28E-46EC-AC61-22B913390211"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*","matchCriteriaId":"13FC0DDE-E513-465E-9E81-515702D49B74"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/47eec518aef3814f64a5da43df81bdd74d8c0041","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4c324085062919d4e21c69e5e78456dcec0052fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d002f591486f5ef4bc02eb02025a53f931f0eb5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6979fabe812a168d5053e5a41d5a2e9b8afd7bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}