{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-71232", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-02-18T14:25:13.845Z", "datePublished": "2026-02-18T14:53:16.709Z", "dateUpdated": "2026-06-11T18:44:03.826Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:56:53.439Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Free sp in error path to fix system crash\n\nSystem crash seen during load/unload test in a loop,\n\n[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.\n[61110.467494] =============================================================================\n[61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()\n[61110.467501] -----------------------------------------------------------------------------\n\n[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467515] Call Trace:\n[61110.467516] \n[61110.467519] dump_stack_lvl+0x34/0x48\n[61110.467526] slab_err.cold+0x53/0x67\n[61110.467534] __kmem_cache_shutdown+0x16e/0x320\n[61110.467540] kmem_cache_destroy+0x51/0x160\n[61110.467544] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467607] ? __do_sys_delete_module.constprop.0+0x178/0x280\n[61110.467613] ? syscall_trace_enter.constprop.0+0x145/0x1d0\n[61110.467616] ? do_syscall_64+0x5c/0x90\n[61110.467619] ? exc_page_fault+0x62/0x150\n[61110.467622] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[61110.467626] \n[61110.467627] Disabling lock debugging due to kernel taint\n[61110.467635] Object 0x0000000026f7e6e6 @offset=16000\n[61110.467639] ------------[ cut here ]------------\n[61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160\n[61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G B OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160\n[61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 <0f> 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89\n[61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282\n[61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027\n[61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0\n[61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7\n[61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000\n[61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[61110.467733] FS: 00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000\n[61110.467734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0\n[61110.467736] PKRU: 55555554\n[61110.467737] Call Trace:\n[61110.467738] \n[61110.467739] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467755] ? __do_sys_delete_module.constprop.0+0x178/0x280\n\nFree sp in the error path to fix the crash." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/scsi/qla2xxx/qla_gs.c" ], "versions": [ { "version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea", "lessThan": "b410ab8b9431d6d63d04caa1d69909fcc8b25eae", "status": "affected", "versionType": "git" }, { "version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea", "lessThan": "b74408de1f2264220979f0c6a5a9d5e50b5b534b", "status": "affected", "versionType": "git" }, { "version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea", "lessThan": "8e7597b4efee6143439641bc6522f247d585e060", "status": "affected", "versionType": "git" }, { "version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea", "lessThan": "aed16d37696f494288a291b4b477484ed0be774b", "status": "affected", "versionType": "git" }, { "version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea", "lessThan": "05fcd590e5fbbb3e9e1b4fc6c23c98a1d38cf256", "status": "affected", "versionType": "git" }, { "version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea", "lessThan": "f04840512438ac025dea6e357d80a986b28bbe4c", "status": "affected", "versionType": "git" }, { "version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea", "lessThan": "19ac050ef09a2f0a9d9787540f77bb45cf9033e8", "status": "affected", "versionType": "git" }, { "version": "f352eeb75419d2b693df7cc5957f7427c2b9b3ea", "lessThan": "7adbd2b7809066c75f0433e5e2a8e114b429f30f", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/scsi/qla2xxx/qla_gs.c" ], "versions": [ { "version": "4.16", "status": "affected" }, { "version": "0", "lessThan": "4.16", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.251", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.201", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.164", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.125", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.12.72", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.18.11", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.19.1", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "5.10.251" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "5.15.201" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.1.164" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.6.125" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.12.72" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.18.11" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.19.1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "7.0" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/b410ab8b9431d6d63d04caa1d69909fcc8b25eae" }, { "url": "https://git.kernel.org/stable/c/b74408de1f2264220979f0c6a5a9d5e50b5b534b" }, { "url": "https://git.kernel.org/stable/c/8e7597b4efee6143439641bc6522f247d585e060" }, { "url": "https://git.kernel.org/stable/c/aed16d37696f494288a291b4b477484ed0be774b" }, { "url": "https://git.kernel.org/stable/c/05fcd590e5fbbb3e9e1b4fc6c23c98a1d38cf256" }, { "url": "https://git.kernel.org/stable/c/f04840512438ac025dea6e357d80a986b28bbe4c" }, { "url": "https://git.kernel.org/stable/c/19ac050ef09a2f0a9d9787540f77bb45cf9033e8" }, { "url": "https://git.kernel.org/stable/c/7adbd2b7809066c75f0433e5e2a8e114b429f30f" } ], "title": "scsi: qla2xxx: Free sp in error path to fix system crash", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2025-71232", "role": "CISA Coordinator", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "version": "2.0.3", "timestamp": "2026-06-10T20:40:38.659915Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T18:44:03.826Z" } } ] } }