CVE-2025-38238
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38238
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38238.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38238
- Downstream
- Related
- Published
- 2025-07-09T10:42:23.538Z
- Modified
- 2025-11-20T09:01:42.480780Z
- Summary
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: fnic: Fix crash in fnicwqcmpl_handler when FDMI times out
When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash.
Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly.
Tested by checking MDS for FDMI information.
Tested by using instrumented driver to:
- Drop PLOGI response
- Drop RHBA response
- Drop RPA response
- Drop RHBA and RPA response
- Drop PLOGI response + ABTS response
- Drop RHBA response + ABTS response
- Drop RPA response + ABTS response
- Drop RHBA and RPA response + ABTS response for both of them
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced09c1e6ab4ab2a107d96f119950dc330e446dc2b0Fixed09679e9abedfbc5a2590759a1a7893c1c26e6044
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced09c1e6ab4ab2a107d96f119950dc330e446dc2b0Fixeda35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2
Affected versions
v6.*
v6.13
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.16-rc1
Database specific
vanir_signatures
[
{
"target": {
"file": "drivers/scsi/fnic/fdls_disc.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"284964889802946805166779075429278195214",
"296412773894540975542512986213448471521",
"244411928430916317863503732632879119855",
"9033756209757629687014637131927012262",
"137395146666760043213701244230235746705",
"96760990154111779554012960484112481702",
"27299933374741120207262430688147515343",
"243825475573761510904582556751009448349",
"143443475501062820415919900149040666901",
"243598972325110354252169268650373927945",
"112644070579803539634749038298043874369",
"106232946736094702711721012447476990819",
"1311701946098815019607314665292221733",
"208837252576512762382672787271965456425",
"238655339237649177388829889849104074243",
"270590329151807655325520481894954181287",
"41247195451988565040025201263942472836",
"300437813409234738247701806073273378141",
"63162146702079317643072882068123183898",
"242306847428173743481034783836219630365",
"107628255867156853043900847356506441640",
"314753825744655912710815429200950030715",
"299112516954819075429585182018847196425",
"270799628620928510158495567070403837440",
"91879140713920871785189769689463522334",
"209549553899726405350889995303309436799",
"220852945658182280326189668706582061754",
"251673266083444968002920303715103104593",
"43860478518476329601253552976463420411",
"58229535679139368433957866719719751750",
"104312514870708631343097171979477781329",
"213269158464462100709424128955923779497",
"79140018141284554293695135700300950716",
"304167652019758194951625718876256121072",
"184236988945824081739213888937657315484",
"281723870215960413239866554905566669487",
"332251908886567685250684448658371204702",
"154748675492830588372525079017776542439",
"223025244664790964289683723705230660198",
"6595288376811131812253826248206729316",
"281679992100400915797169884980331114488",
"175866604783538259938108053236575881845",
"80250472156219883944637429285781718074",
"112184741764854209802641491128370634942",
"265827603854874110529609326659887838063",
"318911446317513298562316319632628356939",
"247851559715177461691146188276176540201",
"3662497738813570198197006352546305142",
"102386118163955071948745431211061413317",
"105224292630052781433257038123717436716",
"76765021862196859835764677838510345358",
"72873771173114147405804724412598165240",
"132407419657966323846427886841988695593",
"255895251124687055538708865931039732016",
"178928144929845530179081788546190376605",
"151207545025563446576002323952129974956",
"124756450435303275346582072339999667527",
"2370543296236347799865265622820039368",
"323462501681699305163322348550769844756",
"12214484008311656434985496052698480333",
"301159542717260650855415424010657512295",
"158957554968895883288057697245111513622",
"38210005106122676265546701362772609395",
"143723009607087062523109343911685194302",
"5885710450250820056082046354547778984",
"314831923628270685309842631482494181769",
"49817890069472850900044026049094935450"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-38238-15311d0f"
},
{
"target": {
"file": "drivers/scsi/fnic/fdls_disc.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"284964889802946805166779075429278195214",
"296412773894540975542512986213448471521",
"244411928430916317863503732632879119855",
"9033756209757629687014637131927012262",
"137395146666760043213701244230235746705",
"96760990154111779554012960484112481702",
"27299933374741120207262430688147515343",
"243825475573761510904582556751009448349",
"143443475501062820415919900149040666901",
"243598972325110354252169268650373927945",
"112644070579803539634749038298043874369",
"106232946736094702711721012447476990819",
"1311701946098815019607314665292221733",
"208837252576512762382672787271965456425",
"238655339237649177388829889849104074243",
"270590329151807655325520481894954181287",
"41247195451988565040025201263942472836",
"300437813409234738247701806073273378141",
"63162146702079317643072882068123183898",
"242306847428173743481034783836219630365",
"107628255867156853043900847356506441640",
"314753825744655912710815429200950030715",
"299112516954819075429585182018847196425",
"270799628620928510158495567070403837440",
"91879140713920871785189769689463522334",
"209549553899726405350889995303309436799",
"220852945658182280326189668706582061754",
"251673266083444968002920303715103104593",
"43860478518476329601253552976463420411",
"58229535679139368433957866719719751750",
"104312514870708631343097171979477781329",
"213269158464462100709424128955923779497",
"79140018141284554293695135700300950716",
"304167652019758194951625718876256121072",
"184236988945824081739213888937657315484",
"281723870215960413239866554905566669487",
"332251908886567685250684448658371204702",
"154748675492830588372525079017776542439",
"223025244664790964289683723705230660198",
"6595288376811131812253826248206729316",
"281679992100400915797169884980331114488",
"277609777170220561011331344002132698337",
"80250472156219883944637429285781718074",
"112184741764854209802641491128370634942",
"265827603854874110529609326659887838063",
"318911446317513298562316319632628356939",
"247851559715177461691146188276176540201",
"3662497738813570198197006352546305142",
"102386118163955071948745431211061413317",
"105224292630052781433257038123717436716",
"76765021862196859835764677838510345358",
"72873771173114147405804724412598165240",
"132407419657966323846427886841988695593",
"255895251124687055538708865931039732016",
"178928144929845530179081788546190376605",
"151207545025563446576002323952129974956",
"124756450435303275346582072339999667527",
"2370543296236347799865265622820039368",
"323462501681699305163322348550769844756",
"12214484008311656434985496052698480333",
"301159542717260650855415424010657512295",
"158957554968895883288057697245111513622",
"38210005106122676265546701362772609395",
"143723009607087062523109343911685194302",
"5885710450250820056082046354547778984",
"314831923628270685309842631482494181769",
"49817890069472850900044026049094935450"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09679e9abedfbc5a2590759a1a7893c1c26e6044",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-38238-2d977501"
},
{
"target": {
"function": "fdls_process_fdmi_abts_rsp",
"file": "drivers/scsi/fnic/fdls_disc.c"
},
"signature_version": "v1",
"digest": {
"length": 965.0,
"function_hash": "75806359448286348225941334729564096724"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09679e9abedfbc5a2590759a1a7893c1c26e6044",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-38238-3893fcbf"
},
{
"target": {
"function": "fdls_process_fdmi_abts_rsp",
"file": "drivers/scsi/fnic/fdls_disc.c"
},
"signature_version": "v1",
"digest": {
"length": 965.0,
"function_hash": "75806359448286348225941334729564096724"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-38238-39b16b63"
},
{
"target": {
"file": "drivers/scsi/fnic/fnic_fdls.h"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"334995248075712716340984570073720547185",
"246685179637898597641640297231620225458",
"190357263226936614721155257827068139335",
"202287353745249750833189456280986422743"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-38238-7029cfa3"
},
{
"target": {
"function": "fdls_send_fdmi_abts",
"file": "drivers/scsi/fnic/fdls_disc.c"
},
"signature_version": "v1",
"digest": {
"length": 1207.0,
"function_hash": "16829174724745074376790005982707883018"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-38238-8ac5887b"
},
{
"target": {
"function": "fdls_send_fdmi_abts",
"file": "drivers/scsi/fnic/fdls_disc.c"
},
"signature_version": "v1",
"digest": {
"length": 1207.0,
"function_hash": "16829174724745074376790005982707883018"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09679e9abedfbc5a2590759a1a7893c1c26e6044",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-38238-8e819dfc"
},
{
"target": {
"function": "fdls_fdmi_timer_callback",
"file": "drivers/scsi/fnic/fdls_disc.c"
},
"signature_version": "v1",
"digest": {
"length": 1750.0,
"function_hash": "259541487987011035025205189202786777885"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09679e9abedfbc5a2590759a1a7893c1c26e6044",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-38238-98bc3e1a"
},
{
"target": {
"file": "drivers/scsi/fnic/fnic_fdls.h"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"334995248075712716340984570073720547185",
"246685179637898597641640297231620225458",
"190357263226936614721155257827068139335",
"202287353745249750833189456280986422743"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09679e9abedfbc5a2590759a1a7893c1c26e6044",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2025-38238-a423c644"
},
{
"target": {
"function": "fdls_fdmi_timer_callback",
"file": "drivers/scsi/fnic/fdls_disc.c"
},
"signature_version": "v1",
"digest": {
"length": 1750.0,
"function_hash": "259541487987011035025205189202786777885"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a35b29bdedb4d2ae3160d4d6684a6f1ecd9ca7c2",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2025-38238-a7633b2c"
}
]