Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes. Currently the driver just passes error codes of scsi_execute_cmd() to hwmon core, which is incorrect because hwmon only checks for negative error codes. This leads to hwmon reporting uninitialized data to userspace in case of SCSI errors (for example if the disk drive was disconnected). This patch checks scsi_execute_cmd() output and returns -EIO if it's error code is positive. [groeck: Avoid inline variable declaration for portability]

INFO

Published Date :

2025-01-21T12:18:13.222Z

Last Modified :

2025-05-04T07:18:21.781Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21656 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21656.

URL Resource
https://git.kernel.org/stable/c/42268d885e44af875a6474f7bba519cc6cea6a9d cve-icon cve-icon
https://git.kernel.org/stable/c/53e25b10a28edaf8c2a1d3916fd8929501a50dfc cve-icon cve-icon
https://git.kernel.org/stable/c/82163d63ae7a4c36142cd252388737205bb7e4b9 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025012131-CVE-2025-21656-b967@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21656 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21656 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact