CVE-2025-21690

In the Linux kernel, the following vulnerability has been resolved:

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

If there's a persistent error in the hypervisor, the SCSI warning for
failed I/O can flood the kernel log and max out CPU utilization,
preventing troubleshooting from the VM side. Ratelimit the warning so
it doesn't DoS the VM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
𝑥
< 5.15.178
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.128
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.75
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.12
linuxlinux_kernel
6.13
linuxlinux_kernel
6.13:rc1
linuxlinux_kernel
6.13:rc2
linuxlinux_kernel
6.13:rc3
linuxlinux_kernel
6.13:rc4
linuxlinux_kernel
6.13:rc5
linuxlinux_kernel
6.13:rc6
linuxlinux_kernel
6.13:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.20-1
fixed
sid
6.12.21-1
fixed
linux-6.1
bullseye (security)
6.1.129-1~deb11u1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/01d1ebdab9ccb73c952e1666a8a80abd194dbc55
https://git.kernel.org/stable/c/088bde862f8d3d0fc52e40e66a0484a246837087
https://git.kernel.org/stable/c/182a4b7c731e95c08cb47f14b87a272b6ab2b2da
https://git.kernel.org/stable/c/81d4dd05c412ba04f9f6b85b718e6da833be290c
https://git.kernel.org/stable/c/d0f0af1bafef33b3e2aa8c3a4ef44db48df9b0ea
https://git.kernel.org/stable/c/d2138eab8cde61e0e6f62d0713e45202e8457d6d