Skip to main content

Linux EUVDEUVD-2025-32338

| CVE-2022-50493 MEDIUM
2025-10-04 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
4.0 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 13, 2026 - 19:56 euvd
EUVD-2025-32338
Analysis Generated
Mar 13, 2026 - 19:56 vuln.today
Patch released
Jan 23, 2026 - 20:44 nvd
Patch available
CVE Published
Oct 04, 2025 - 16:15 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix crash when I/O abort times out

While performing CPU hotplug, a crash with the following stack was seen:

Call Trace: qla24xx_process_response_queue+0x42a/0x970 [qla2xxx] qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx] qla_nvme_post_cmd+0x166/0x240 [qla2xxx] nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc] blk_mq_dispatch_rq_list+0x17b/0x610 __blk_mq_sched_dispatch_requests+0xb0/0x140 blk_mq_sched_dispatch_requests+0x30/0x60 __blk_mq_run_hw_queue+0x35/0x90 __blk_mq_delay_run_hw_queue+0x161/0x180 blk_execute_rq+0xbe/0x160 __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core] nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics] nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc] nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc] process_one_work+0x1e8/0x3c0

On abort timeout, completion was called without checking if the I/O was already completed.

Verify that I/O and abort request are indeed outstanding before attempting completion.

Analysis

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix crash when I/O abort times out

While performing CPU hotplug, a crash with the following stack was seen:

Call Trace: qla24xx_process_response_queue+0x42a/0x970 [qla2xxx] qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx] qla_nvme_post_cmd+0x166/0x240 [qla2xxx] nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc] blk_mq_dispatch_rq_list+0x17b/0x610 __blk_mq_sched_dispatch_requests+0xb0/0x140 blk_mq_sched_dispatch_requests+0x30/0x60 __blk_mq_run_hw_queue+0x35/0x90 __blk_mq_delay_run_hw_queue+0x161/0x180 blk_execute_rq+0xbe/0x160 __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core] nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics] nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc] nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc] process_one_work+0x1e8/0x3c0

On abort timeout, completion was called without checking if the I/O was already completed.

Verify that I/O and abort request are indeed outstanding before attempting completion.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users.

RemediationAI

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/sle-micro-rancher/5.2:latest Affected
Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:5.4.4.5.89 Image SLES15-SP4-BYOS Image SLES15-SP4-BYOS-Azure Image SLES15-SP4-BYOS-EC2 Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-HPC-BYOS Image SLES15-SP4-HPC-BYOS-Azure Image SLES15-SP4-HPC-BYOS-EC2 Image SLES15-SP4-HPC-BYOS-GCE Image SLES15-SP4-HPC-EC2 Image SLES15-SP4-HPC-GCE Image SLES15-SP4-Hardened-BYOS Image SLES15-SP4-Hardened-BYOS-Azure Image SLES15-SP4-Hardened-BYOS-EC2 Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-Micro-5-3-BYOS Image SLES15-SP4-Micro-5-3-BYOS-Azure Image SLES15-SP4-Micro-5-4-BYOS Image SLES15-SP4-Micro-5-4-BYOS-Azure Image SLES15-SP4-SAP Image SLES15-SP4-SAP-Azure Image SLES15-SP4-SAP-EC2 Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAPCAL Image SLES15-SP4-SAPCAL-Azure Image SLES15-SP4-SAPCAL-EC2 Image SLES15-SP4-SAPCAL-GCE Affected
Container suse/sle-micro/base-5.5:2.0.4-5.8.224 Image SLES15-SP5-BYOS-Azure Image SLES15-SP5-BYOS-EC2 Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-EC2 Image SLES15-SP5-GCE Image SLES15-SP5-HPC-BYOS-Azure Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Hardened-BYOS-Azure Image SLES15-SP5-Hardened-BYOS-EC2 Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP5-Micro-5-5 Image SLES15-SP5-Micro-5-5-Azure Image SLES15-SP5-Micro-5-5-BYOS Image SLES15-SP5-Micro-5-5-BYOS-Azure Image SLES15-SP5-Micro-5-5-EC2 Image SLES15-SP5-SAPCAL-Azure Image SLES15-SP5-SAPCAL-EC2 Image SLES15-SP5-SAPCAL-GCE Affected
Container suse/sle-micro/kvm-5.5:2.0.4-3.5.429 Affected
Container suse/sle-micro/rt-5.5:2.0.4-4.5.535 Affected

Share

EUVD-2025-32338 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy