CVE-2025-21690

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for
failed I/O can flood the kernel log and max out CPU utilization,
preventing troubleshooting from the VM side. Ratelimit the warning so
it doesn't DoS the VM.

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooting from the VM side. Ratelimit the warning so it doesn't DoS the VM.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-29 CVE Reserved
2025-02-10 CVE Published
2025-02-10 CVE Updated
2025-02-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/81d4dd05c412ba04f9f6b85b718e6da833be290c	2025-02-01
https://git.kernel.org/stable/c/182a4b7c731e95c08cb47f14b87a272b6ab2b2da	2025-02-01
https://git.kernel.org/stable/c/088bde862f8d3d0fc52e40e66a0484a246837087	2025-02-01
https://git.kernel.org/stable/c/01d1ebdab9ccb73c952e1666a8a80abd194dbc55	2025-02-01
https://git.kernel.org/stable/c/d0f0af1bafef33b3e2aa8c3a4ef44db48df9b0ea	2025-02-01
https://git.kernel.org/stable/c/d2138eab8cde61e0e6f62d0713e45202e8457d6d	2025-01-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.178 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.178"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.128 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.128"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.75 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.12 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.13.1 Search vendor "Linux" for product "Linux Kernel" and version " < 6.13.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.14-rc1 Search vendor "Linux" for product "Linux Kernel" and version " < 6.14-rc1"		en		Affected