{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-37828","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.950Z","datePublished":"2025-05-08T06:26:20.135Z","dateUpdated":"2026-05-11T21:15:55.779Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:15:55.779Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()\n\nA race can occur between the MCQ completion path and the abort handler:\nonce a request completes, __blk_mq_free_request() sets rq->mq_hctx to\nNULL, meaning the subsequent ufshcd_mcq_req_to_hwq() call in\nufshcd_mcq_abort() can return a NULL pointer. If this NULL pointer is\ndereferenced, the kernel will crash.\n\nAdd a NULL check for the returned hwq pointer. If hwq is NULL, log an\nerror and return FAILED, preventing a potential NULL-pointer\ndereference.  As suggested by Bart, the ufshcd_cmd_inflight() check is\nremoved.\n\nThis is similar to the fix in commit 74736103fb41 (\"scsi: ufs: core: Fix\nufshcd_abort_one racing issue\").\n\nThis is found by our static analysis tool KNighter."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/ufs/core/ufs-mcq.c"],"versions":[{"version":"f1304d4420777f82a1d844c606db3d9eca841765","lessThan":"d6979fabe812a168d5053e5a41d5a2e9b8afd7bf","status":"affected","versionType":"git"},{"version":"f1304d4420777f82a1d844c606db3d9eca841765","lessThan":"7d002f591486f5ef4bc02eb02025a53f931f0eb5","status":"affected","versionType":"git"},{"version":"f1304d4420777f82a1d844c606db3d9eca841765","lessThan":"47eec518aef3814f64a5da43df81bdd74d8c0041","status":"affected","versionType":"git"},{"version":"f1304d4420777f82a1d844c606db3d9eca841765","lessThan":"4c324085062919d4e21c69e5e78456dcec0052fe","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/ufs/core/ufs-mcq.c"],"versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","status":"unaffected","versionType":"semver"},{"version":"6.6.89","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.26","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.5","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.89"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.12.26"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.14.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d6979fabe812a168d5053e5a41d5a2e9b8afd7bf"},{"url":"https://git.kernel.org/stable/c/7d002f591486f5ef4bc02eb02025a53f931f0eb5"},{"url":"https://git.kernel.org/stable/c/47eec518aef3814f64a5da43df81bdd74d8c0041"},{"url":"https://git.kernel.org/stable/c/4c324085062919d4e21c69e5e78456dcec0052fe"}],"title":"scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()","x_generator":{"engine":"bippy-1.2.0"}}}}