DEBIAN-CVE-2025-37861

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2025-37861

Published: 09 May 2025, 07:16

Last modified:28 Apr 2026, 20:29

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 May 2025, 07:16

Published

Vulnerability first disclosed

28 Apr 2026, 20:29

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID (0xFFFF), set by the reset thread, which points to unallocated memory, causing a crash. Add flag 'io_admin_reset_sync' to synchronize access between the reset, I/O, and admin threads. Before a reset, the reset handler sets this flag to block I/O and admin processing threads. If any thread bypasses the initial check, the reset thread waits up to 10 seconds for processing to finish. If the wait exceeds 10 seconds, the controller is marked as unrecoverable.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

debian•linux
all | < 6.12.25-1 | < 6.12.25-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2025-37861