Crash in Linux Kernel SCSI Driver for FNIC During FDMI Timeouts
CVE-2025-38238
Currently unrated
What is CVE-2025-38238?
A vulnerability exists in the SCSI driver for FNIC in the Linux kernel. Under certain conditions, both the RHBA and RPA FDMI requests may time out. When that happens, the driver attempts to reuse a frame for sending the ABTS commands, and the resulting double-free attempt leads to a crash. The issue has been addressed by allocating separate frames for the respective requests, which eliminates the crash scenario during timeout handling. Extensive testing was conducted to simulate various FDMI response drops, verifying the stability of the updated logic.
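The frame-ownership problem described above, reduced to a user-space C model (an added example, not code from the fnic driver or from the kernel fix). All type and function names are hypothetical, and the rule that each ABTS send releases its frame exactly once is an assumption of the model; it also covers the single-timeout case to show why both requests must time out for the bug to appear.

```c
#include <stdlib.h>

/* User-space model only; every name here is hypothetical, not fnic's. */
enum { FDMI_RHBA, FDMI_RPA, FDMI_REQS };

struct frame { int released; };

static int double_free_attempts;

/* Assumed ownership rule: sending an ABTS hands the frame to the send path,
 * which releases it once. A flag stands in for the real free so that the
 * second release is counted instead of corrupting the heap. */
static void send_abts(struct frame *f)
{
    if (f->released)
        double_free_attempts++;
    f->released = 1;
}

/* timed_out: bitmask of FDMI requests that timed out.
 * shared != 0 models the old logic (one frame reused for every ABTS);
 * shared == 0 models the fix (a separate frame per request).
 * Returns the number of double-free attempts, or -1 on allocation failure. */
int simulate_fdmi_timeouts(unsigned timed_out, int shared)
{
    struct frame *frames[FDMI_REQS] = { NULL, NULL };
    int i, rc = -1;

    double_free_attempts = 0;
    frames[FDMI_RHBA] = calloc(1, sizeof(struct frame));
    frames[FDMI_RPA] = shared ? frames[FDMI_RHBA] : calloc(1, sizeof(struct frame));
    if (frames[FDMI_RHBA] && frames[FDMI_RPA]) {
        for (i = 0; i < FDMI_REQS; i++)
            if (timed_out & (1u << i))
                send_abts(frames[i]);
        rc = double_free_attempts;
    }
    if (!shared)
        free(frames[FDMI_RPA]);
    free(frames[FDMI_RHBA]);
    return rc;
}
```

With a shared frame, a single timeout is harmless and only the combination of both timeouts produces the second release, which matches the "under certain conditions" wording of the advisory.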
Affected Version(s)
Linux 09c1e6ab4ab2a107d96f119950dc330e446dc2b0 < 09679e9abedfbc5a2590759a1a7893c1c26e6044
Linux 09c1e6ab4ab2a107d96f119950dc330e446dc2b0
Linux 6.14