๐Ÿ” CVE Alert

CVE-2025-38074

UNKNOWN 0.0

vhost-scsi: protect vq->log_used with vq->mutex

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access vq->log_base when vq->log_used is already set to false. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work() -> vhost_add_used() -> vhost_add_used_n() if (unlikely(vq->log_used)) QEMU disables vq->log_used via VHOST_SET_VRING_ADDR. mutex_lock(&vq->mutex); vq->log_used = false now! mutex_unlock(&vq->mutex); QEMU gfree(vq->log_base) log_used() -> log_write(vq->log_base) Assuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be reclaimed via gfree(). As a result, this causes invalid memory writes to QEMU userspace. The control queue path has the same issue.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jun 18, 2025
Last Updated May 11, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
057cbf49a1f08297877e46c82f707b1bfea806a8 < 80cf68489681c165ded460930e391b1eb37b5f6f 057cbf49a1f08297877e46c82f707b1bfea806a8 < 8312a1ccff1566f375191a89b9ba71b6eb48a8cd 057cbf49a1f08297877e46c82f707b1bfea806a8 < 59614c5acf6688f7af3c245d359082c0e9e53117 057cbf49a1f08297877e46c82f707b1bfea806a8 < ca85c2d0db5f8309832be45858b960d933c2131c 057cbf49a1f08297877e46c82f707b1bfea806a8 < bd8c9404e44adb9f6219c09b3409a61ab7ce3427 057cbf49a1f08297877e46c82f707b1bfea806a8 < c0039e3afda29be469d29b3013d7f9bdee136834 057cbf49a1f08297877e46c82f707b1bfea806a8 < f591cf9fce724e5075cc67488c43c6e39e8cbe27
Linux / Linux
3.6

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/80cf68489681c165ded460930e391b1eb37b5f6f git.kernel.org: https://git.kernel.org/stable/c/8312a1ccff1566f375191a89b9ba71b6eb48a8cd git.kernel.org: https://git.kernel.org/stable/c/59614c5acf6688f7af3c245d359082c0e9e53117 git.kernel.org: https://git.kernel.org/stable/c/ca85c2d0db5f8309832be45858b960d933c2131c git.kernel.org: https://git.kernel.org/stable/c/bd8c9404e44adb9f6219c09b3409a61ab7ce3427 git.kernel.org: https://git.kernel.org/stable/c/c0039e3afda29be469d29b3013d7f9bdee136834 git.kernel.org: https://git.kernel.org/stable/c/f591cf9fce724e5075cc67488c43c6e39e8cbe27 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html