LiveActive security incident?Get immediate response
CVE Record

CVE-2025-68229: scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() If the allocation of tl_hba->sh fails in tcm_loop_driver_probe() and we attempt to dereference it in tcm_loop_tpg_address_show() we will get a segfault, see below for an example. So, check tl_hba->sh before dereferencing it. Unable to allocate struct scsi_host BUG: kernel NULL pointer dereference, address: 0000000000000194 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 8356 Comm: tokio-runtime-w Not tainted 6.6.104.2-4.azl3 #1 Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/28/2024 RIP: 0010:tcm_loop_tpg_address_show+0x2e/0x50 [tcm_loop] ... Call Trace: <TASK> configfs_read_iter+0x12d/0x1d0 [configfs] vfs_read+0x1b5/0x300 ksys_read+0x6f/0xf0 ...

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2025-68229 is a Linux kernel bug in the SCSI target loopback driver. If an internal allocation fails, a later read can dereference a null pointer and cause a kernel fault. The main business concern is local system instability or denial of service on affected Linux hosts using this component.

Executive priority

Treat as a targeted availability risk, not a broad internet-facing emergency based on current evidence. Patch during normal kernel maintenance, accelerating for storage or virtualization hosts where SCSI target loopback functionality is used.

Technical view

The flaw is in tcm_loop_tpg_address_show(). When tcm_loop_driver_probe() fails to allocate tl_hba->sh, the show handler can still dereference it through configfs_read_iter(), causing a NULL pointer dereference in kernel mode. The kernel fix adds a check before dereferencing tl_hba->sh.

Likely exposure

Exposure appears limited to Linux systems running affected kernel versions with the tcm_loop SCSI target loopback component present or used. The source does not state required privileges or remote reachability. Storage, virtualization, and test environments using kernel SCSI target features should be prioritized for review.

Exploitation context

The provided sources do not show active exploitation, and KEV is false. The described condition requires an allocation failure during probe followed by reading the affected configfs attribute. Impact evidence is a kernel NULL pointer dereference and oops, which can disrupt host availability.

Researcher notes

Affected version data in the bundle is kernel-branch oriented and should be mapped to distribution backports. The CVE text identifies the failing path and fix concept, but does not provide CVSS, privilege requirements, or a complete exploitability assessment.

Mitigation direction

  • Update to a kernel containing the referenced stable fixes for your maintained branch.
  • Follow your Linux distribution’s advisory and kernel package guidance.
  • If unused, consider disabling or avoiding tcm_loop according to vendor-supported procedures.
  • Prioritize hosts using SCSI target, storage virtualization, or kernel target testing features.

Validation and detection

  • Inventory Linux kernel versions across affected server and appliance fleets.
  • Check whether tcm_loop is built, loadable, or active on relevant hosts.
  • Confirm installed kernels include the applicable stable commit for their branch.
  • Review kernel logs for tcm_loop_tpg_address_show NULL dereference or related oops messages.
  • Track distribution advisories because backport versioning may differ from upstream commits.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2025-68229 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux2628b352c3d4905adf8129ea50900bd980b6ccef, 2628b352c3d4905adf8129ea50900bd980b6ccef, 2628b352c3d4905adf8129ea50900bd980b6ccef, 2628b352c3d4905adf8129ea50900bd980b6ccef, 2628b352c3d4905adf8129ea50900bd980b6ccef, 2628b352c3d4905adf8129ea50900bd980b6ccef, 2628b352c3d4905adf8129ea50900bd980b6ccef, 2628b352c3d4905adf8129ea50900bd980b6ccefunaffected
LinuxLinux4.5, 0, 5.4.302, 5.10.247, 5.15.197, 6.1.159, 6.6.118, 6.12.60, 6.17.10, 6.18affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.