vulnerability

Red Hat: CVE-2025-38289: kernel: Linux kernel: Denial of service due to use-after-free in scsi: lpfc (Multiple Advisories)

Name: Red Hat: CVE-2025-38289: kernel: Linux kernel: Denial of service due to use-after-free in scsi: lpfc (Multiple Advisories)
Creator: Red Hat
Published: 2025-07-10T00:00:00.000Z
Keywords: CVE, CWE-416, Red Hat, 2025, 38289, kernel, redhat-upgrade-kernel, redhat-upgrade-kernel-rt, Severity 7

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

Jul 10, 2025

Added

Jul 14, 2025

Modified

May 13, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk

Smatch detected a potential use-after-free of an ndlp oject in
dev_loss_tmo_callbk during driver unload or fatal error handling.

Fix by reordering code to avoid potential use-after-free if initial
nodelist reference has been previously removed.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

CWE-416
EUVD-EUVD-2025-20959
NVD-CVE-2025-38289
REDHAT-RHSA-2026:1194
REDHAT-RHSA-2026:4111
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-20959

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report