Wiz
Vulnerability DatabaseCVE-2025-38075

CVE-2025-38075
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2025-38075 is a vulnerability discovered in the Linux kernel's iSCSI target subsystem. The vulnerability was disclosed on June 18, 2025, and affects the SCSI target iSCSI connection handling mechanism (NVD, Wiz).

Technical details

The vulnerability occurs in the NOPIN response timer handling within the iSCSI target module. When a NOPIN response timer expires on a deleted connection, it can lead to a NULL pointer dereference, resulting in a kernel crash. The issue specifically manifests when the NOPIN response timer may be re-started on NOPIN timer expiration (NVD, Wiz).

Impact

When exploited, this vulnerability can cause a kernel crash with NULL pointer dereference on read at 0x00000000, leading to system instability and potential denial of service. The crash produces error logs indicating failure to receive response to NOPIN on CID: 0 and failing connection for I_T Nexus (NVD, Wiz).

Mitigation and workarounds

The fix involves stopping the NOPIN timer before stopping the NOPIN response timer to ensure that neither timer will be re-started. This prevents the race condition that could lead to the NULL pointer dereference. The vulnerability has been fixed in Linux kernel version 6.12.32-1 (Debian Tracker, Wiz).

Additional resources

SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-40343MEDIUM6.4
  • Linux KernelLinux Kernel
  • linux-iot
NoYesDec 09, 2025
CVE-2025-40342MEDIUM6.4
  • Linux KernelLinux Kernel
  • kernel-rt-devel-matched
NoYesDec 09, 2025
CVE-2025-40340MEDIUM6.4
  • Linux KernelLinux Kernel
  • linux-hwe
NoYesDec 09, 2025
CVE-2025-40341MEDIUM5.1
  • Linux KernelLinux Kernel
  • kernel-zfcpdump-core
NoYesDec 09, 2025
CVE-2025-40344N/AN/A
  • Linux KernelLinux Kernel
  • libperf-devel
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo