CVE-2025-38289

scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Smatch detected a potential use-after-free of an ndlp oject in dev_loss_tmo_callbk during driver unload or fatal error handling. Fix by reordering code to avoid potential use-after-free if initial nodelist reference has been previously removed.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ea405fb4144985d5c60f49c2abd9ba47ea44fdb4
https://git.kernel.org/stable/c/4f09940b5581e44069eb31a66cf7f05c3c35ed04
https://git.kernel.org/stable/c/b5162bb6aa1ec04dff4509b025883524b6d7e7ca

Frequently Asked Questions

What is the severity of CVE-2025-38289?
CVE-2025-38289 has not yet been assigned a CVSS score.
How to fix CVE-2025-38289?
To fix CVE-2025-38289, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38289 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38289 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38289?
CVE-2025-38289 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.