{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-71232",
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"state": "PUBLISHED",
"assignerShortName": "Linux",
"dateReserved": "2026-02-18T14:25:13.845Z",
"datePublished": "2026-02-18T14:53:16.709Z",
"dateUpdated": "2026-06-11T18:44:03.826Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux",
"dateUpdated": "2026-05-11T21:56:53.439Z"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Free sp in error path to fix system crash\n\nSystem crash seen during load/unload test in a loop,\n\n[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.\n[61110.467494] =============================================================================\n[61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()\n[61110.467501] -----------------------------------------------------------------------------\n\n[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467515] Call Trace:\n[61110.467516] \n[61110.467519] dump_stack_lvl+0x34/0x48\n[61110.467526] slab_err.cold+0x53/0x67\n[61110.467534] __kmem_cache_shutdown+0x16e/0x320\n[61110.467540] kmem_cache_destroy+0x51/0x160\n[61110.467544] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467607] ? __do_sys_delete_module.constprop.0+0x178/0x280\n[61110.467613] ? syscall_trace_enter.constprop.0+0x145/0x1d0\n[61110.467616] ? do_syscall_64+0x5c/0x90\n[61110.467619] ? exc_page_fault+0x62/0x150\n[61110.467622] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[61110.467626] \n[61110.467627] Disabling lock debugging due to kernel taint\n[61110.467635] Object 0x0000000026f7e6e6 @offset=16000\n[61110.467639] ------------[ cut here ]------------\n[61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160\n[61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G B OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160\n[61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 <0f> 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89\n[61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282\n[61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027\n[61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0\n[61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7\n[61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000\n[61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[61110.467733] FS: 00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000\n[61110.467734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0\n[61110.467736] PKRU: 55555554\n[61110.467737] Call Trace:\n[61110.467738] \n[61110.467739] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467755] ? __do_sys_delete_module.constprop.0+0x178/0x280\n\nFree sp in the error path to fix the crash."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/scsi/qla2xxx/qla_gs.c"
],
"versions": [
{
"version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea",
"lessThan": "b410ab8b9431d6d63d04caa1d69909fcc8b25eae",
"status": "affected",
"versionType": "git"
},
{
"version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea",
"lessThan": "b74408de1f2264220979f0c6a5a9d5e50b5b534b",
"status": "affected",
"versionType": "git"
},
{
"version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea",
"lessThan": "8e7597b4efee6143439641bc6522f247d585e060",
"status": "affected",
"versionType": "git"
},
{
"version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea",
"lessThan": "aed16d37696f494288a291b4b477484ed0be774b",
"status": "affected",
"versionType": "git"
},
{
"version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea",
"lessThan": "05fcd590e5fbbb3e9e1b4fc6c23c98a1d38cf256",
"status": "affected",
"versionType": "git"
},
{
"version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea",
"lessThan": "f04840512438ac025dea6e357d80a986b28bbe4c",
"status": "affected",
"versionType": "git"
},
{
"version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea",
"lessThan": "19ac050ef09a2f0a9d9787540f77bb45cf9033e8",
"status": "affected",
"versionType": "git"
},
{
"version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea",
"lessThan": "7adbd2b7809066c75f0433e5e2a8e114b429f30f",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/scsi/qla2xxx/qla_gs.c"
],
"versions": [
{
"version": "4.16",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.16",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.251",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.201",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.164",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.125",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.72",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.18.11",
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.19.1",
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "7.0",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "5.10.251"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "5.15.201"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "6.1.164"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "6.6.125"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "6.12.72"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "6.18.11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "6.19.1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "7.0"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/b410ab8b9431d6d63d04caa1d69909fcc8b25eae"
},
{
"url": "https://git.kernel.org/stable/c/b74408de1f2264220979f0c6a5a9d5e50b5b534b"
},
{
"url": "https://git.kernel.org/stable/c/8e7597b4efee6143439641bc6522f247d585e060"
},
{
"url": "https://git.kernel.org/stable/c/aed16d37696f494288a291b4b477484ed0be774b"
},
{
"url": "https://git.kernel.org/stable/c/05fcd590e5fbbb3e9e1b4fc6c23c98a1d38cf256"
},
{
"url": "https://git.kernel.org/stable/c/f04840512438ac025dea6e357d80a986b28bbe4c"
},
{
"url": "https://git.kernel.org/stable/c/19ac050ef09a2f0a9d9787540f77bb45cf9033e8"
},
{
"url": "https://git.kernel.org/stable/c/7adbd2b7809066c75f0433e5e2a8e114b429f30f"
}
],
"title": "scsi: qla2xxx: Free sp in error path to fix system crash",
"x_generator": {
"engine": "bippy-1.2.0"
}
},
"adp": [
{
"metrics": [
{
"other": {
"type": "ssvc",
"content": {
"id": "CVE-2025-71232",
"role": "CISA Coordinator",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"version": "2.0.3",
"timestamp": "2026-06-10T20:40:38.659915Z"
}
}
}
],
"title": "CISA ADP Vulnrichment",
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-06-11T18:44:03.826Z"
}
}
]
}
}