CVE-2025-68371

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: smartpqi: Fix device resources accessed after device removal<br /> <br /> Correct possible race conditions during device removal.<br /> <br /> Previously, a scheduled work item to reset a LUN could still execute<br /> after the device was removed, leading to use-after-free and other<br /> resource access issues.<br /> <br /> This race condition occurs because the abort handler may schedule a LUN<br /> reset concurrently with device removal via sdev_destroy(), leading to<br /> use-after-free and improper access to freed resources.<br /> <br /> - Check in the device reset handler if the device is still present in<br /> the controller&amp;#39;s SCSI device list before running; if not, the reset<br /> is skipped.<br /> <br /> - Cancel any pending TMF work that has not started in sdev_destroy().<br /> <br /> - Ensure device freeing in sdev_destroy() is done while holding the<br /> LUN reset mutex to avoid races with ongoing resets.