CVE-2025-71235 (GCVE-0-2025-71235)

Vulnerability from cvelistv5 – Published: 2026-02-18 14:53 – Updated: 2026-02-23 03:16
VLAI?
Title
scsi: qla2xxx: Delay module unload while fabric scan in progress
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000 [105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0 [105954.384928] PKRU: 55555554 [105954.384929] Call Trace: [105954.384931] <IRQ> [105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx] [105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx] [105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx] [105954.384999] ? __wake_up_common+0x80/0x190 [105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx] [105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx] [105954.385040] ? __handle_irq_event_percpu+0x3d/0x190 [105954.385044] ? handle_irq_event+0x58/0xb0 [105954.385046] ? handle_edge_irq+0x93/0x240 [105954.385050] ? __common_interrupt+0x41/0xa0 [105954.385055] ? common_interrupt+0x3e/0xa0 [105954.385060] ? asm_common_interrupt+0x22/0x40 The root cause of this was that there was a free (dma_free_attrs) in the interrupt context. There was a device discovery/fabric scan in progress. A module unload was issued which set the UNLOADING flag. As part of the discovery, after receiving an interrupt a work queue was scheduled (which involved a work to be queued). Since the UNLOADING flag is set, the work item was not allocated and the mapped memory had to be freed. The free occurred in interrupt context leading to system crash. Delay the driver unload until the fabric scan is complete to avoid the crash.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 783e0dc4f66ade6bbd8833b6bae778158d54c1a6 , < d8af012f92eee021c6ebb7093e65813c926c336b (git)
Affected: 783e0dc4f66ade6bbd8833b6bae778158d54c1a6 , < 891f9969a29e9767a453cef4811c8d2472ccab49 (git)
Affected: 783e0dc4f66ade6bbd8833b6bae778158d54c1a6 , < 984dc1a51bf6fc3ca4e726abe790ec38952935d8 (git)
Affected: 783e0dc4f66ade6bbd8833b6bae778158d54c1a6 , < 528b2f1027edfb52af0171f0f4b227fb356dde05 (git)
Affected: 783e0dc4f66ade6bbd8833b6bae778158d54c1a6 , < d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32 (git)
Affected: 783e0dc4f66ade6bbd8833b6bae778158d54c1a6 , < c068ebbaf52820d6bdefb9b405a1e426663c635a (git)
Affected: 783e0dc4f66ade6bbd8833b6bae778158d54c1a6 , < 7062eb0c488f35730334daad9495d9265c574853 (git)
Affected: 783e0dc4f66ade6bbd8833b6bae778158d54c1a6 , < 8890bf450e0b6b283f48ac619fca5ac2f14ddd62 (git)
Create a notification for this product.
    Linux Linux Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 5.10.251 , ≤ 5.10.* (semver)
Unaffected: 5.15.201 , ≤ 5.15.* (semver)
Unaffected: 6.1.164 , ≤ 6.1.* (semver)
Unaffected: 6.6.125 , ≤ 6.6.* (semver)
Unaffected: 6.12.72 , ≤ 6.12.* (semver)
Unaffected: 6.18.11 , ≤ 6.18.* (semver)
Unaffected: 6.19.1 , ≤ 6.19.* (semver)
Unaffected: 7.0-rc1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_os.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d8af012f92eee021c6ebb7093e65813c926c336b",
              "status": "affected",
              "version": "783e0dc4f66ade6bbd8833b6bae778158d54c1a6",
              "versionType": "git"
            },
            {
              "lessThan": "891f9969a29e9767a453cef4811c8d2472ccab49",
              "status": "affected",
              "version": "783e0dc4f66ade6bbd8833b6bae778158d54c1a6",
              "versionType": "git"
            },
            {
              "lessThan": "984dc1a51bf6fc3ca4e726abe790ec38952935d8",
              "status": "affected",
              "version": "783e0dc4f66ade6bbd8833b6bae778158d54c1a6",
              "versionType": "git"
            },
            {
              "lessThan": "528b2f1027edfb52af0171f0f4b227fb356dde05",
              "status": "affected",
              "version": "783e0dc4f66ade6bbd8833b6bae778158d54c1a6",
              "versionType": "git"
            },
            {
              "lessThan": "d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32",
              "status": "affected",
              "version": "783e0dc4f66ade6bbd8833b6bae778158d54c1a6",
              "versionType": "git"
            },
            {
              "lessThan": "c068ebbaf52820d6bdefb9b405a1e426663c635a",
              "status": "affected",
              "version": "783e0dc4f66ade6bbd8833b6bae778158d54c1a6",
              "versionType": "git"
            },
            {
              "lessThan": "7062eb0c488f35730334daad9495d9265c574853",
              "status": "affected",
              "version": "783e0dc4f66ade6bbd8833b6bae778158d54c1a6",
              "versionType": "git"
            },
            {
              "lessThan": "8890bf450e0b6b283f48ac619fca5ac2f14ddd62",
              "status": "affected",
              "version": "783e0dc4f66ade6bbd8833b6bae778158d54c1a6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_os.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.201",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.164",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.251",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.201",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.164",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.125",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.72",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.11",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.1",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0-rc1",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Delay module unload while fabric scan in progress\n\nSystem crash seen during load/unload test in a loop.\n\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\n[105954.384923] FS:  0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\n[105954.384925] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\n[105954.384928] PKRU: 55555554\n[105954.384929] Call Trace:\n[105954.384931]  \u003cIRQ\u003e\n[105954.384934]  qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\n[105954.384962]  ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\n[105954.384980]  ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\n[105954.384999]  ? __wake_up_common+0x80/0x190\n[105954.385004]  ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\n[105954.385023]  ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\n[105954.385040]  ? __handle_irq_event_percpu+0x3d/0x190\n[105954.385044]  ? handle_irq_event+0x58/0xb0\n[105954.385046]  ? handle_edge_irq+0x93/0x240\n[105954.385050]  ? __common_interrupt+0x41/0xa0\n[105954.385055]  ? common_interrupt+0x3e/0xa0\n[105954.385060]  ? asm_common_interrupt+0x22/0x40\n\nThe root cause of this was that there was a free (dma_free_attrs) in the\ninterrupt context.  There was a device discovery/fabric scan in\nprogress.  A module unload was issued which set the UNLOADING flag.  As\npart of the discovery, after receiving an interrupt a work queue was\nscheduled (which involved a work to be queued).  Since the UNLOADING\nflag is set, the work item was not allocated and the mapped memory had\nto be freed.  The free occurred in interrupt context leading to system\ncrash.  Delay the driver unload until the fabric scan is complete to\navoid the crash."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T03:16:18.318Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b"
        },
        {
          "url": "https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49"
        },
        {
          "url": "https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05"
        },
        {
          "url": "https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32"
        },
        {
          "url": "https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853"
        },
        {
          "url": "https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62"
        }
      ],
      "title": "scsi: qla2xxx: Delay module unload while fabric scan in progress",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-71235",
    "datePublished": "2026-02-18T14:53:20.222Z",
    "dateReserved": "2026-02-18T14:25:13.845Z",
    "dateUpdated": "2026-02-23T03:16:18.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-71235\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-02-18T16:22:30.293\",\"lastModified\":\"2026-02-23T04:15:59.643\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: qla2xxx: Delay module unload while fabric scan in progress\\n\\nSystem crash seen during load/unload test in a loop.\\n\\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\\n[105954.384923] FS:  0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\\n[105954.384925] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\\n[105954.384928] PKRU: 55555554\\n[105954.384929] Call Trace:\\n[105954.384931]  \u003cIRQ\u003e\\n[105954.384934]  qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\\n[105954.384962]  ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\\n[105954.384980]  ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\\n[105954.384999]  ? __wake_up_common+0x80/0x190\\n[105954.385004]  ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\\n[105954.385023]  ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\\n[105954.385040]  ? __handle_irq_event_percpu+0x3d/0x190\\n[105954.385044]  ? handle_irq_event+0x58/0xb0\\n[105954.385046]  ? handle_edge_irq+0x93/0x240\\n[105954.385050]  ? __common_interrupt+0x41/0xa0\\n[105954.385055]  ? common_interrupt+0x3e/0xa0\\n[105954.385060]  ? asm_common_interrupt+0x22/0x40\\n\\nThe root cause of this was that there was a free (dma_free_attrs) in the\\ninterrupt context.  There was a device discovery/fabric scan in\\nprogress.  A module unload was issued which set the UNLOADING flag.  As\\npart of the discovery, after receiving an interrupt a work queue was\\nscheduled (which involved a work to be queued).  Since the UNLOADING\\nflag is set, the work item was not allocated and the mapped memory had\\nto be freed.  The free occurred in interrupt context leading to system\\ncrash.  Delay the driver unload until the fabric scan is complete to\\navoid the crash.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\\n\\nscsi: qla2xxx: Retrasar la descarga del m\u00f3dulo mientras el escaneo de la estructura est\u00e1 en progreso\\n\\nFallo del sistema observado durante la prueba de carga/descarga en un bucle.\\n\\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\\n[105954.384923] FS:  0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\\n[105954.384925] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\\n[105954.384928] PKRU: 55555554\\n[105954.384929] Call Trace:\\n[105954.384931]  \\n[105954.384934]  qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\\n[105954.384962]  ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\\n[105954.384980]  ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\\n[105954.384999]  ? __wake_up_common+0x80/0x190\\n[105954.385004]  ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\\n[105954.385023]  ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\\n[105954.385040]  ? __handle_irq_event_percpu+0x3d/0x190\\n[105954.385044]  ? handle_irq_event+0x58/0xb0\\n[105954.385046]  ? handle_edge_irq+0x93/0x240\\n[105954.385050]  ? __common_interrupt+0x41/0xa0\\n[105954.385055]  ? common_interrupt+0x3e/0xa0\\n[105954.385060]  ? asm_common_interrupt+0x22/0x40\\n\\nLa causa ra\u00edz de esto fue que hubo una liberaci\u00f3n (dma_free_attrs) en el contexto de interrupci\u00f3n. Hab\u00eda un descubrimiento de dispositivo/escaneo de la estructura en progreso. Se emiti\u00f3 una descarga de m\u00f3dulo que estableci\u00f3 la bandera UNLOADING. Como parte del descubrimiento, despu\u00e9s de recibir una interrupci\u00f3n, se program\u00f3 una cola de trabajo (lo que implic\u00f3 un trabajo a encolar). Dado que la bandera UNLOADING est\u00e1 establecida, el elemento de trabajo no fue asignado y la memoria mapeada tuvo que ser liberada. La liberaci\u00f3n ocurri\u00f3 en el contexto de interrupci\u00f3n, lo que llev\u00f3 a un fallo del sistema. Retrasar la descarga del controlador hasta que el escaneo de la estructura est\u00e9 completo para evitar el fallo.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.