CVE-2025-38238
BaseFortify

Publication date: 2025-07-09

Last updated on: 2025-11-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash.

Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly.

Tested by checking MDS for FDMI information.

Tested by using instrumented driver to:
- Drop PLOGI response
- Drop RHBA response
- Drop RPA response
- Drop RHBA and RPA response
- Drop PLOGI response + ABTS response
- Drop RHBA response + ABTS response
- Drop RPA response + ABTS response
- Drop RHBA and RPA response + ABTS response for both of them

Meta Information
Published: 2025-07-09
Last Modified: 2025-11-19
Generated: 2026-05-07
AI Q&A: 2025-07-09
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 4 associated CPEs
Vendor | Product | Version / Range
linux | linux_kernel | 6.16
linux | linux_kernel | 6.16
linux | linux_kernel | 6.16
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)
CWE ID: NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's fnic driver where, if both the RHBA and RPA FDMI requests time out, the driver reuses the same frame to send ABTS for both requests. When the send completes, the driver attempts to free the same frame twice, causing a crash. The fix involves allocating separate frames for RHBA and RPA and modifying the ABTS logic accordingly.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to crash due to a double free of a frame in the fnic driver when certain FDMI requests time out. Such crashes can lead to system instability or downtime, potentially affecting availability of services running on the affected system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can be performed by monitoring for crashes in the fnic driver related to FDMI timeouts, specifically looking for crashes in fnic_wq_cmpl_handler. Additionally, checking the MDS (Management Data Server) for FDMI information can help identify issues. However, no specific commands are provided.
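
One way to turn the log check described above into a command, as an added example that is not part of the original page or the kernel project: a bash function that reads kernel log text and reports crash reports whose trace names fnic_wq_cmpl_handler. The sample log lines are constructed, and the crash-marker patterns are an assumption about generic kernel oops output, not the exact signature of this bug.

```shell
#!/usr/bin/env bash
# Added example: report kernel crash reports whose trace names fnic_wq_cmpl_handler.
# Live use (assumes access to the kernel log): journalctl -k --no-pager | scan_fnic_crash

# Reads kernel log text on stdin. Prints one line per matching crash report,
# then a final "matches=N" line.
scan_fnic_crash() {
  awk '
    # Assumed generic markers that open a kernel crash report.
    /BUG: |Oops: |general protection fault|Kernel panic/ {
      if (!in_report) { in_report = 1; header = $0; hit = 0 }
    }
    # Only count the function name when it appears inside a crash report.
    in_report && /fnic_wq_cmpl_handler/ { hit = 1 }
    # The end-trace marker closes the report.
    in_report && /---\[ end trace/ {
      if (hit) { n++; print "fnic crash: " header }
      in_report = 0
    }
    END {
      # A log cut off mid-report still counts if the function was seen.
      if (in_report && hit) { n++; print "fnic crash: " header }
      print "matches=" (n + 0)
    }'
}

# Constructed sample log (not captured from a real system).
sample_log() {
  cat <<'EOF'
[   50.000001] constructed: note naming fnic_wq_cmpl_handler outside any crash
[  200.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  200.000002] Call Trace:
[  200.000003]  fnic_wq_cmpl_handler+0x10/0x20 [fnic]
[  200.000004] ---[ end trace 0000000000000000 ]---
[  300.000001] general protection fault: 0000 [#1] SMP
[  300.000002] Call Trace:
[  300.000003]  some_other_function+0x10/0x20
[  300.000004] ---[ end trace 0000000000000000 ]---
EOF
}

sample_log | scan_fnic_crash
```

A match only shows that a crash passed through this handler; whether the running kernel falls in the affected range listed above still has to be checked separately.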


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the fix that allocates separate frames for RHBA and RPA and modifies the ABTS logic accordingly to prevent double freeing of frames. Testing with an instrumented driver to simulate dropped responses (PLOGI, RHBA, RPA, and ABTS) can help verify the fix. No other specific mitigation steps or commands are provided.

