Crash in Linux Kernel SCSI Driver for FNIC During FDMI Timeouts
CVE-2025-38238

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
9 July 2025

What is CVE-2025-38238?

A vulnerability exists in the SCSI driver for FNIC in the Linux kernel, where, under certain conditions, both RHBA and RPA FDMI requests may time out. This results in the driver attempting to reuse a frame for sending ABTS commands, leading to a crash due to double-free attempts. The issue has been addressed by ensuring that separate frames are allocated for the respective requests, thereby eliminating the crash scenario during timeout handling. Extensive testing was conducted to simulate various FDMI response drops, verifying the stability of the updated logic.

Affected Version(s)

Linux 09c1e6ab4ab2a107d96f119950dc330e446dc2b0 < 09679e9abedfbc5a2590759a1a7893c1c26e6044

Linux 09c1e6ab4ab2a107d96f119950dc330e446dc2b0

Linux 6.14

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38238 : Crash in Linux Kernel SCSI Driver for FNIC During FDMI Timeouts