CVE-2025-38238 (GCVE-0-2025-38238)
Vulnerability from cvelistv5
Published: 2025-07-09 10:42
Modified: 2025-07-28 04:15
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out
When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to
send ABTS for each of them. On send completion, this causes an attempt to
free the same frame twice that leads to a crash.
Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS
logic accordingly.
Tested by checking MDS for FDMI information.
Tested by using instrumented driver to:
- Drop PLOGI response
- Drop RHBA response
- Drop RPA response
- Drop RHBA and RPA response
- Drop PLOGI response + ABTS response
- Drop RHBA response + ABTS response
- Drop RPA response + ABTS response
- Drop RHBA and RPA response + ABTS response for both of them
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/scsi/fnic/fdls_disc.c", "drivers/scsi/fnic/fnic.h", "drivers/scsi/fnic/fnic_fdls.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "09679e9abedfbc5a2590759a1a7893c1c26e6044", "status": "affected", "version": "09c1e6ab4ab2a107d96f119950dc330e446dc2b0", "versionType": "git" }, { "lessThan": "a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2", "status": "affected", "version": "09c1e6ab4ab2a107d96f119950dc330e446dc2b0", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/scsi/fnic/fdls_disc.c", "drivers/scsi/fnic/fnic.h", "drivers/scsi/fnic/fnic_fdls.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.14" }, { "lessThan": "6.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.15.*", "status": "unaffected", "version": "6.15.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.16", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.15.5", "versionStartIncluding": "6.14", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.16", "versionStartIncluding": "6.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out\n\nWhen both the RHBA and RPA FDMI requests time out, fnic reuses a frame to\nsend ABTS for each of them. 
On send completion, this causes an attempt to\nfree the same frame twice that leads to a crash.\n\nFix crash by allocating separate frames for RHBA and RPA, and modify ABTS\nlogic accordingly.\n\nTested by checking MDS for FDMI information.\n\nTested by using instrumented driver to:\n\n - Drop PLOGI response\n - Drop RHBA response\n - Drop RPA response\n - Drop RHBA and RPA response\n - Drop PLOGI response + ABTS response\n - Drop RHBA response + ABTS response\n - Drop RPA response + ABTS response\n - Drop RHBA and RPA response + ABTS response for both of them" } ], "providerMetadata": { "dateUpdated": "2025-07-28T04:15:55.539Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/09679e9abedfbc5a2590759a1a7893c1c26e6044" }, { "url": "https://git.kernel.org/stable/c/a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2" } ], "title": "scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out", "x_generator": { "engine": "bippy-1.2.0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2025-38238", "datePublished": "2025-07-09T10:42:23.538Z", "dateReserved": "2025-04-16T04:51:23.996Z", "dateUpdated": "2025-07-28T04:15:55.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-38238\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-09T11:15:25.080\",\"lastModified\":\"2025-07-10T13:17:30.017\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out\\n\\nWhen both the RHBA and RPA FDMI requests time out, fnic reuses a frame to\\nsend ABTS for each of them. 
On send completion, this causes an attempt to\\nfree the same frame twice that leads to a crash.\\n\\nFix crash by allocating separate frames for RHBA and RPA, and modify ABTS\\nlogic accordingly.\\n\\nTested by checking MDS for FDMI information.\\n\\nTested by using instrumented driver to:\\n\\n - Drop PLOGI response\\n - Drop RHBA response\\n - Drop RPA response\\n - Drop RHBA and RPA response\\n - Drop PLOGI response + ABTS response\\n - Drop RHBA response + ABTS response\\n - Drop RPA response + ABTS response\\n - Drop RHBA and RPA response + ABTS response for both of them\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: fnic: Se corrige el fallo en fnic_wq_cmpl_handler cuando se agota el tiempo de espera de FDMI. Cuando se agota el tiempo de espera de las solicitudes FDMI de RHBA y RPA, fnic reutiliza una trama para enviar ABTS para cada una de ellas. Al completarse el env\u00edo, esto provoca un intento de liberar la misma trama dos veces, lo que provoca un fallo. Se corrige el fallo asignando tramas separadas para RHBA y RPA y modificando la l\u00f3gica de ABTS seg\u00fan corresponda. Se prob\u00f3 verificando MDS para obtener informaci\u00f3n de FDMI. Se prob\u00f3 utilizando un controlador instrumentado para: - Descartar la respuesta PLOGI - Descartar la respuesta RHBA - Descartar la respuesta RPA - Descartar la respuesta RHBA y RPA - Descartar la respuesta PLOGI + respuesta ABTS - Descartar la respuesta RHBA + respuesta ABTS - Descartar la respuesta RPA + respuesta ABTS - Descartar la respuesta RHBA y RPA + respuesta ABTS para ambas.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/09679e9abedfbc5a2590759a1a7893c1c26e6044\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.