CVE-2025-21656

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-21656

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21656.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-21656

Downstream

BELL-CVE-2025-21656

DEBIAN-CVE-2025-21656

ECHO-5ac0-6683-2ddd

MINI-wv89-xm83-233x

OESA-2025-1204

OESA-2025-1205

SUSE-SU-2025:0289-1

SUSE-SU-2025:0428-1

SUSE-SU-2025:0499-1

SUSE-SU-2025:0557-1

UBUNTU-CVE-2025-21656

USN-7379-1

USN-7381-1

USN-7382-1

USN-7513-1

USN-7513-2

USN-7513-3

USN-7513-4

USN-7513-5

USN-7514-1

USN-7515-1

USN-7515-2

USN-7522-1

USN-7523-1

USN-7524-1

Related

Published

2025-01-21T13:15:09Z

Modified

2025-09-26T16:21:34Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur

scsiexecutecmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes.

Currently the driver just passes error codes of scsiexecutecmd() to hwmon core, which is incorrect because hwmon only checks for negative error codes. This leads to hwmon reporting uninitialized data to userspace in case of SCSI errors (for example if the disk drive was disconnected).

This patch checks scsiexecutecmd() output and returns -EIO if it's error code is positive.

[groeck: Avoid inline variable declaration for portability]

References

Affected packages