CVE-2025-39841

HIGH EPSS 6.3%
Published Sep 19, 20259mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Sep 19, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
6.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥5.1  –  <5.4.299
linuxlinux_kernel*≥5.5  –  <5.10.243
linuxlinux_kernel*≥5.11  –  <5.15.192
linuxlinux_kernel*≥5.16  –  <6.1.151
linuxlinux_kernel*≥6.2  –  <6.6.105
linuxlinux_kernel*≥6.7  –  <6.12.46
linuxlinux_kernel*≥6.13  –  <6.16.6
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
debiandebian_linux11.0any

References 12

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-089022.html
  • git.kernel.org https://git.kernel.org/stable/c/367cb5ffd8a8a4c85dc89f55e7fa7cc191425b11
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/55658c7501467ca9ef3bd4453dd920010db8bc13
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/897f64b01c1249ac730329b83f4f40bab71e86c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95b63d15fce5c54a73bbf195e1aacb5a75b128e2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9dba9a45c348e8460da97c450cddf70b2056deb3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab34084f42ee06a9028d67c78feafb911d33d111
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/baa39f6ad79d372a6ce0aa639fbb2f1578479f57
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d96cc9a1b57725930c60b607423759d563b4d900
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/367cb5ffd8a8a4c85dc89f55e7fa7cc191425b11
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/55658c7501467ca9ef3bd4453dd920010db8bc13
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/897f64b01c1249ac730329b83f4f40bab71e86c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95b63d15fce5c54a73bbf195e1aacb5a75b128e2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9dba9a45c348e8460da97c450cddf70b2056deb3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab34084f42ee06a9028d67c78feafb911d33d111
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/baa39f6ad79d372a6ce0aa639fbb2f1578479f57
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d96cc9a1b57725930c60b607423759d563b4d900
    Patch