In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think its clear from the code that the intention here is sg_dma_len(s) not length of sg_next(s) when printing the debug info.
2025-04-01T16:15:26.910
2025-11-03T20:17:32.353
Modified
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSSv3.1: 5.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | < 5.4.292 | Yes |
| Operating System | linux | linux_kernel | < 5.10.236 | Yes |
| Operating System | linux | linux_kernel | < 5.15.180 | Yes |
| Operating System | linux | linux_kernel | < 6.1.132 | Yes |
| Operating System | linux | linux_kernel | < 6.6.84 | Yes |
| Operating System | linux | linux_kernel | < 6.12.20 | Yes |
| Operating System | linux | linux_kernel | < 6.13.8 | Yes |
| Operating System | linux | linux_kernel | 6.14 | Yes |