CVE-2025-21739
scsi: ufs: core: Fix use-after free in init error and remove paths
References
Notes
carnil> Introduced in cb77cb5abe1f ("blk-crypto: rename blk_keyslot_manager to
carnil> blk_crypto_profile")
carnil> d76d9d7d1009 ("scsi: ufs: use devm_blk_ksm_init()"). Vulnerable versions:
carnil> 5.12-rc1.
Bugs
Status
| Branch | Status |
| --- | --- |
| upstream | released (6.14-rc2) [f8fb2403ddebb5eea0033d90d9daae4c88749ada] |
| 6.18-upstream-stable | N/A "Fixed before branching point" |
| 6.17-upstream-stable | N/A "Fixed before branching point" |
| 6.13-upstream-stable | released (6.13.3) [9c185beae09a3eb85f54777edafa227f7e03075d] |
| 6.12-upstream-stable | released (6.12.14) [0c77c0d754fe83cb154715fcfec6c3faef94f207] |
| 6.6-upstream-stable | needed |
| 6.1-upstream-stable | needed |
| 5.10-upstream-stable | N/A "Vulnerable code not present" |
| sid | released (6.12.15-1) |
| 6.12-trixie-security | N/A "Fixed before branching point" |
| 6.1-bookworm-security | needed |
| 5.10-bullseye-security | N/A "Vulnerable code not present" |