CVE-2025-38289

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk

Smatch detected a potential use-after-free of an ndlp oject in dev_loss_tmo_callbk during driver unload or fatal error handling.

Fix by reordering code to avoid potential use-after-free if initial nodelist reference has been previously removed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxe4913d4bc59227fbdfe6b8f5541f49aaea1cb41c < ea405fb4144985d5c60f49c2abd9ba47ea44fdb4affected
LinuxLinux4281f44ea8bfedd25938a0031bebba1473ece9ad < 4f09940b5581e44069eb31a66cf7f05c3c35ed04affected
LinuxLinux4281f44ea8bfedd25938a0031bebba1473ece9ad < b5162bb6aa1ec04dff4509b025883524b6d7e7caaffected
LinuxLinux6.12.5 < 6.12.37affected
LinuxLinux6.13affected
LinuxLinux0 < 6.13unaffected
LinuxLinux6.12.37 <= 6.12.*unaffected
LinuxLinux6.15.3 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

References