CVE-2025-38289

HIGH

Linux Kernel - Use-After-Free in SCSI LPFC dev_loss_tmo_callbk

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Smatch detected a potential use-after-free of an ndlp oject in dev_loss_tmo_callbk during driver unload or fatal error handling. Fix by reordering code to avoid potential use-after-free if initial nodelist reference has been previously removed.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/ea405fb4144985d5c60f49c2abd9ba47ea44fdb4

Patch

https://git.kernel.org/stable/c/4f09940b5581e44069eb31a66cf7f05c3c35ed04

Patch

https://git.kernel.org/stable/c/b5162bb6aa1ec04dff4509b025883524b6d7e7ca

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 5.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (12)

linux/Kernel < 6.12.37linux

linux/Kernel 6.13.0 - 6.15.3linux

Linux/Linux < 6.13

Linux/Linux 4281f44ea8bfedd25938a0031bebba1473ece9ad - 4f09940b5581e44069eb31a66cf7f05c3c35ed04

Linux/Linux 4281f44ea8bfedd25938a0031bebba1473ece9ad - b5162bb6aa1ec04dff4509b025883524b6d7e7ca

Linux/Linux 6.12.37 - 6.12.*

Linux/Linux 6.12.5 - 6.12.37

Linux/Linux 6.13

Linux/Linux 6.15.3 - 6.15.*

Linux/Linux 6.16

... and 2 more

Published Jul 10, 2025

Tracked Since Feb 18, 2026