CVE-2025-71238

HIGH EPSS 9.3%
Published Mar 4, 2026 (3mo ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix bsg_done() causing double free

Kernel panic observed on system,

[5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000
[5353358.825194] #PF: supervisor write access in kernel mode
[5353358.825195] #PF: error_code(0x0002) - not-present page
[5353358.825196] PGD 100006067 P4D 0
[5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI
[5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1
[5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025
[5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10
[5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246
[5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000
[5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000
[5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000
[5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090
[5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000
[5353358.825218] FS: 00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000
[5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0
[5353358.825221] PKRU: 55555554
[5353358.825222] Call Trace:
[5353358.825223] <TASK>
[5353358.825224] ? show_trace_log_lvl+0x1c4/0x2df
[5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df
[5353358.825232] ? sg_copy_buffer+0xc8/0x110
[5353358.825236] ? __die_body.cold+0x8/0xd
[5353358.825238] ? page_fault_oops+0x134/0x170
[5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110
[5353358.825244] ? exc_page_fault+0xa8/0x150
[5353358.825247] ? asm_exc_page_fault+0x22/0x30
[5353358.825252] ? memcpy_erms+0x6/0x10
[5353358.825253] sg_copy_buffer+0xc8/0x110
[5353358.825259] qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx]
[5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx]

Most routines in qla_bsg.c call bsg_done() only for success cases. However a few invoke it for failure case as well leading to a double free. Validate before calling bsg_done().
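The completion pattern the description refers to, shown as an added userspace model; it is not the qla2xxx source or the upstream patch. The names `struct job`, `job_done`, `handler_buggy`, `handler_fixed` and `dispatch` are hypothetical, and the model assumes that the caller completes the request itself whenever a handler returns an error. A second release is recorded in a flag rather than performed, so the program stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for a BSG job; not the kernel's struct bsg_job. */
struct job {
    void *reply;       /* buffer owned by the job until it is completed */
    int double_free;   /* set when a second completion would free again */
};

/* Model of completion: releases the job's buffer exactly once. */
static void job_done(struct job *j)
{
    if (!j->reply) {           /* already released: this is the double free */
        j->double_free = 1;
        return;                /* record it instead of corrupting the heap */
    }
    free(j->reply);
    j->reply = NULL;
}

/* Buggy shape: completes the job even when rval reports a failure. */
static int handler_buggy(struct job *j, int rval)
{
    job_done(j);
    return rval;
}

/* Fixed shape: validate the result before completing the job. */
static int handler_fixed(struct job *j, int rval)
{
    if (!rval)
        job_done(j);
    return rval;
}

/* Assumed caller behaviour: on an error return, the caller completes the job. */
static int dispatch(int (*handler)(struct job *, int), int rval)
{
    struct job j = { malloc(64), 0 };
    if (!j.reply)
        return -1;             /* allocation failed, nothing to model */
    if (handler(&j, rval))
        job_done(&j);
    return j.double_free;
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", dispatch(handler_buggy, -5), dispatch(handler_fixed, -5));
    return 0;
}
```

Only the failure path differs between the two handlers: with `rval == 0` both complete the job once and `dispatch` reports no second release.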

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
9.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 7

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.7 – <5.10.251
linux   linux_kernel  *        ≥5.11 – <5.15.201
linux   linux_kernel  *        ≥5.16 – <6.1.164
linux   linux_kernel  *        ≥6.2 – <6.6.127
linux   linux_kernel  *        ≥6.7 – <6.12.74
linux   linux_kernel  *        ≥6.13 – <6.18.13
linux   linux_kernel  *        ≥6.19 – <6.19.3

References 8

  • git.kernel.org https://git.kernel.org/stable/c/057a5bdc481e58ab853117254867ffb22caf9f6e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/27ac9679c43a09e54e2d9aae9980ada045b428e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/31f33b856d2324d86bcaef295f4d210477a1c018
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/708003e1bc857dd014d4c44278d7d77c26f91b1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74e7458537cd9349cf019862e51491f670871707
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/871f6236da96c4a9712b8a29d7f555f767a47e95
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c2c68225b1456f4d0d393b5a8778d51bb0d5b1d0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f2bbb4db0e4a4fbd5e649c0b5d8733f61da24720
    Patch
