CVE-2025-21690

Feb. 21, 2025, 4:30 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooting from the VM side. Ratelimit the warning so it doesn't DoS the VM.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.13

Weaknesses

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.13 - / / / / / /
o linux linux_kernel 6.13 rc1 / / / / / /
o linux linux_kernel 6.13 rc2 / / / / / /
o linux linux_kernel 6.13 rc3 / / / / / /
o linux linux_kernel 6.13 rc4 / / / / / /
o linux linux_kernel 6.13 rc5 / / / / / /
o linux linux_kernel 6.13 rc6 / / / / / /
o linux linux_kernel 6.13 rc7 / / / / / /

References

https://git.kernel.org/stable/c/01d1ebdab9ccb73c952e1666a8a80abd194dbc55
https://git.kernel.org/stable/c/088bde862f8d3d0fc52e40e66a0484a246837087
https://git.kernel.org/stable/c/182a4b7c731e95c08cb47f14b87a272b6ab2b2da
https://git.kernel.org/stable/c/81d4dd05c412ba04f9f6b85b718e6da833be290c
https://git.kernel.org/stable/c/d0f0af1bafef33b3e2aa8c3a4ef44db48df9b0ea
https://git.kernel.org/stable/c/d2138eab8cde61e0e6f62d0713e45202e8457d6d

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-770
2025-02-10
CVE-2025-21690

CVSS Score

5.5 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Date

  • Published: Feb. 10, 2025, 4:15 p.m.
  • Last Modified: Feb. 21, 2025, 4:30 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.