CVE-2025-71235— scsi: qla2xxx: Delay module unload while fabric scan in progress
Affected Version Matrix 18
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 783e0dc4f66ade6bbd8833b6bae778158d54c1a6< d8af012f92eee021c6ebb7093e65813c926c336b | affected |
783e0dc4f66ade6bbd8833b6bae778158d54c1a6< 891f9969a29e9767a453cef4811c8d2472ccab49 | affected | ||
783e0dc4f66ade6bbd8833b6bae778158d54c1a6< 984dc1a51bf6fc3ca4e726abe790ec38952935d8 | affected | ||
783e0dc4f66ade6bbd8833b6bae778158d54c1a6< 528b2f1027edfb52af0171f0f4b227fb356dde05 | affected | ||
783e0dc4f66ade6bbd8833b6bae778158d54c1a6< d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32 | affected | ||
783e0dc4f66ade6bbd8833b6bae778158d54c1a6< c068ebbaf52820d6bdefb9b405a1e426663c635a | affected | ||
783e0dc4f66ade6bbd8833b6bae778158d54c1a6< 7062eb0c488f35730334daad9495d9265c574853 | affected | ||
783e0dc4f66ade6bbd8833b6bae778158d54c1a6< 8890bf450e0b6b283f48ac619fca5ac2f14ddd62 | affected | ||
| … +10 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-71235
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
scsi: qla2xxx: Delay module unload while fabric scan in progress
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000 [105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0 [105954.384928] PKRU: 55555554 [105954.384929] Call Trace: [105954.384931] <IRQ> [105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx] [105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx] [105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx] [105954.384999] ? __wake_up_common+0x80/0x190 [105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx] [105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx] [105954.385040] ? __handle_irq_event_percpu+0x3d/0x190 [105954.385044] ? handle_irq_event+0x58/0xb0 [105954.385046] ? handle_edge_irq+0x93/0x240 [105954.385050] ? __common_interrupt+0x41/0xa0 [105954.385055] ? common_interrupt+0x3e/0xa0 [105954.385060] ? asm_common_interrupt+0x22/0x40 The root cause of this was that there was a free (dma_free_attrs) in the interrupt context. There was a device discovery/fabric scan in progress. A module unload was issued which set the UNLOADING flag. As part of the discovery, after receiving an interrupt a work queue was scheduled (which involved a work to be queued). Since the UNLOADING flag is set, the work item was not allocated and the mapped memory had to be freed. The free occurred in interrupt context leading to system crash. Delay the driver unload until the fabric scan is complete to avoid the crash.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于模块卸载与结构扫描存在竞争条件,可能导致系统崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-71235
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-71235
请登录查看更多情报信息。
Same Patch Batch · Linux · 2026-02-18 · 31 CVEs total
| CVE-2026-23230 | 8.8 HIGH | smb: client: split cached_fid bitfields to avoid shared-byte RMW races |
| CVE-2026-23226 | 8.8 HIGH | ksmbd: add chann_lock to protect ksmbd_chann_list xarray |
| CVE-2026-23227 | 7.8 HIGH | drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to |
| CVE-2026-23225 | 7.8 HIGH | sched/mmcid: Don't assume CID is CPU owned on mode switch |
| CVE-2026-23224 | 7.8 HIGH | erofs: fix UAF issue for file-backed mounts w/ directio option |
| CVE-2026-23222 | 7.8 HIGH | crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly |
| CVE-2025-71233 | PCI: endpoint: Avoid creating sub-groups asynchronously | |
| CVE-2026-23229 | crypto: virtio - Add spinlock protection with virtqueue notification | |
| CVE-2026-23228 | smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() | |
| CVE-2026-23223 | xfs: fix UAF in xchk_btree_check_block_owner | |
| CVE-2026-23221 | bus: fsl-mc: fix use-after-free in driver_override_show() | |
| CVE-2026-23220 | ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths | |
| CVE-2025-71237 | nilfs2: Fix potential block overflow that cause system hang | |
| CVE-2025-71236 | scsi: qla2xxx: Validate sp before freeing associated memory | |
| CVE-2025-71234 | wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add | |
| CVE-2026-23211 | mm, swap: restore swap_space attr aviod kernel panic | |
| CVE-2025-71232 | scsi: qla2xxx: Free sp in error path to fix system crash | |
| CVE-2025-71231 | crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode | |
| CVE-2025-71230 | hfs: ensure sb->s_fs_info is always cleaned up | |
| CVE-2025-71229 | wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() |
Showing top 20 of 31 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43502
net/rds: handle zerocopy send cleanup before the message is - CVE-2026-43501
ipv6: rpl: reserve mac_len headroom when recompressed SRH gr - CVE-2026-43498
accel/ivpu: Disallow re-exporting imported GEM objects - CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waite - CVE-2026-43497
fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-aft
Same vendor: Linux
- CVE-2026-43502
net/rds: handle zerocopy send cleanup before the message is - CVE-2026-43501
ipv6: rpl: reserve mac_len headroom when recompressed SRH gr - CVE-2026-43498
accel/ivpu: Disallow re-exporting imported GEM objects - CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waite - CVE-2026-43497
fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-aft
V. Comments for CVE-2025-71235
No comments yet