CVE-2025-71236
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-02-18

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3. [154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange threshold to 5. [154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 0080 0000. [154565.545744] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 00a0 0000. [154565.545857] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate). [154565.552760] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate). [154565.553079] BUG: kernel NULL pointer dereference, address: 00000000000000f8 [154565.553080] #PF: supervisor read access in kernel mode [154565.553082] #PF: error_code(0x0000) - not-present page [154565.553084] PGD 80000010488ab067 P4D 80000010488ab067 PUD 104978a067 PMD 0 [154565.553089] Oops: 0000 1 PREEMPT SMP PTI [154565.553092] CPU: 10 PID: 858 Comm: qla2xxx_2_dpc Kdump: loaded Tainted: G OE ------- --- 5.14.0-503.11.1.el9_5.x86_64 #1 [154565.553096] Hardware name: HPE Synergy 660 Gen10/Synergy 660 Gen10 Compute Module, BIOS I43 09/30/2024 [154565.553097] RIP: 0010:qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx] [154565.553141] Code: 00 00 e8 58 a3 ec d4 49 89 e9 ba 12 20 00 00 4c 89 e6 49 c7 c0 00 ee a8 c0 48 c7 c1 66 c0 a9 c0 bf 00 80 00 10 e8 15 69 00 00 <4c> 8b 8d f8 00 00 00 4d 85 c9 74 35 49 8b 84 24 00 19 00 00 48 8b [154565.553143] RSP: 0018:ffffb4dbc8aebdd0 EFLAGS: 00010286 [154565.553145] RAX: 0000000000000000 RBX: ffff8ec2cf0908d0 RCX: 0000000000000002 [154565.553147] RDX: 0000000000000000 RSI: ffffffffc0a9c896 RDI: ffffb4dbc8aebd47 [154565.553148] RBP: 0000000000000000 R08: ffffb4dbc8aebd45 R09: 0000000000ffff0a [154565.553150] R10: 0000000000000000 R11: 000000000000000f R12: ffff8ec2cf0908d0 [154565.553151] R13: ffff8ec2cf090900 R14: 0000000000000102 R15: ffff8ec2cf084000 [154565.553152] FS: 0000000000000000(0000) GS:ffff8ed27f800000(0000) knlGS:0000000000000000 [154565.553154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [154565.553155] CR2: 00000000000000f8 CR3: 000000113ae0a005 CR4: 00000000007706f0 [154565.553157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [154565.553158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [154565.553159] PKRU: 55555554 [154565.553160] Call Trace: [154565.553162] <TASK> [154565.553165] ? show_trace_log_lvl+0x1c4/0x2df [154565.553172] ? show_trace_log_lvl+0x1c4/0x2df [154565.553177] ? qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx] [154565.553215] ? __die_body.cold+0x8/0xd [154565.553218] ? page_fault_oops+0x134/0x170 [154565.553223] ? snprintf+0x49/0x70 [154565.553229] ? exc_page_fault+0x62/0x150 [154565.553238] ? asm_exc_page_fault+0x22/0x30 Check for sp being non NULL before freeing any associated memory
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-03-18
Generated
2026-05-07
AI Q&A
2026-02-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-71236
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.1 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.164 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.201 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.125 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.72 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.11 (exc)
linux linux_kernel From 4.16 (inc) to 5.10.251 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's qla2xxx SCSI driver. It occurs because the code does not properly validate a pointer named 'sp' before freeing the associated memory. This can lead to a NULL pointer dereference, causing the kernel to crash.

The issue manifests as a system crash with a kernel NULL pointer dereference error, as shown in the provided kernel log signature. The fix involves checking that 'sp' is not NULL before attempting to free its associated memory.


How can this vulnerability impact me? :

This vulnerability can cause a system crash due to a NULL pointer dereference in the Linux kernel. Such crashes can lead to denial of service (DoS) conditions, where the affected system becomes unresponsive or requires a reboot.

If the system is running critical workloads or services, this instability can result in downtime, potential data loss, or disruption of operations.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for specific kernel crash signatures related to the qla2xxx driver. Look for kernel messages indicating a NULL pointer dereference and errors involving qla2xxx, such as the following signature in the kernel log:

  • [154565.553079] BUG: kernel NULL pointer dereference, address: 00000000000000f8
  • [154565.553082] #PF: supervisor read access in kernel mode
  • [154565.553097] RIP: 0010:qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]

To detect this on your system, you can use commands to check the kernel logs such as:

  • dmesg | grep -i qla2xxx
  • journalctl -k | grep -i qla2xxx
  • grep -i 'NULL pointer dereference' /var/log/messages

These commands help identify if the system has experienced crashes or errors related to this vulnerability.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to ensure that the Linux kernel version in use includes the patch that validates the pointer 'sp' before freeing associated memory in the qla2xxx driver. This prevents the NULL pointer dereference and system crash.

If an updated kernel is not yet available, consider temporarily disabling or unloading the qla2xxx driver to prevent triggering the vulnerability, if feasible in your environment.

Regularly monitor system logs for signs of the issue and apply kernel updates as soon as they are released.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart