CVE-2025-38289

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38289

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38289.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38289

Downstream

DEBIAN-CVE-2025-38289

SUSE-SU-2025:02852-1

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-38289

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

Related

Published

2025-07-10T07:42:05Z

Modified

2025-10-18T01:57:39.175278Z

Summary

scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Avoid potential ndlp use-after-free in devlosstmo_callbk

Smatch detected a potential use-after-free of an ndlp oject in devlosstmo_callbk during driver unload or fatal error handling.

Fix by reordering code to avoid potential use-after-free if initial nodelist reference has been previously removed.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e4913d4bc59227fbdfe6b8f5541f49aaea1cb41c

Fixed

ea405fb4144985d5c60f49c2abd9ba47ea44fdb4

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4281f44ea8bfedd25938a0031bebba1473ece9ad

Fixed

4f09940b5581e44069eb31a66cf7f05c3c35ed04

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4281f44ea8bfedd25938a0031bebba1473ece9ad

Fixed

b5162bb6aa1ec04dff4509b025883524b6d7e7ca

Affected versions

v6.*

v6.12

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.36

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.15.1

v6.15.2

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.37

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.3