vulnerability

Debian: CVE-2025-21656: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Jan 21, 2025	May 15, 2025	May 27, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Jan 21, 2025

Added

May 15, 2025

Modified

May 27, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur

scsi_execute_cmd() function can return both negative (linux codes) and
positive (scsi_cmnd result field) error codes.

Currently the driver just passes error codes of scsi_execute_cmd() to
hwmon core, which is incorrect because hwmon only checks for negative
error codes. This leads to hwmon reporting uninitialized data to
userspace in case of SCSI errors (for example if the disk drive was
disconnected).

This patch checks scsi_execute_cmd() output and returns -EIO if it's
error code is positive.

[groeck: Avoid inline variable declaration for portability]

Solution

no-fix-debian-deb-package

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today