CVE-2025-71235 (GCVE-0-2025-71235)

Vulnerability from cvelistv5 – Published: 2026-02-18 14:53 – Updated: 2026-02-18 14:53
VLAI?
Title
scsi: qla2xxx: Delay module unload while fabric scan in progress
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000 [105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0 [105954.384928] PKRU: 55555554 [105954.384929] Call Trace: [105954.384931] <IRQ> [105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx] [105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx] [105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx] [105954.384999] ? __wake_up_common+0x80/0x190 [105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx] [105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx] [105954.385040] ? __handle_irq_event_percpu+0x3d/0x190 [105954.385044] ? handle_irq_event+0x58/0xb0 [105954.385046] ? handle_edge_irq+0x93/0x240 [105954.385050] ? __common_interrupt+0x41/0xa0 [105954.385055] ? common_interrupt+0x3e/0xa0 [105954.385060] ? asm_common_interrupt+0x22/0x40 The root cause of this was that there was a free (dma_free_attrs) in the interrupt context. There was a device discovery/fabric scan in progress. A module unload was issued which set the UNLOADING flag. As part of the discovery, after receiving an interrupt a work queue was scheduled (which involved a work to be queued). Since the UNLOADING flag is set, the work item was not allocated and the mapped memory had to be freed. The free occurred in interrupt context leading to system crash. Delay the driver unload until the fabric scan is complete to avoid the crash.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 528b2f1027edfb52af0171f0f4b227fb356dde05 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c068ebbaf52820d6bdefb9b405a1e426663c635a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7062eb0c488f35730334daad9495d9265c574853 (git)
Create a notification for this product.
    Linux Linux Unaffected: 6.6.125 , ≤ 6.6.* (semver)
Unaffected: 6.12.72 , ≤ 6.12.* (semver)
Unaffected: 6.18.11 , ≤ 6.18.* (semver)
Unaffected: 6.19.1 , ≤ 6.19.* (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_os.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "528b2f1027edfb52af0171f0f4b227fb356dde05",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c068ebbaf52820d6bdefb9b405a1e426663c635a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7062eb0c488f35730334daad9495d9265c574853",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_os.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.72",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.125",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.72",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Delay module unload while fabric scan in progress\n\nSystem crash seen during load/unload test in a loop.\n\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\n[105954.384923] FS:  0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\n[105954.384925] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\n[105954.384928] PKRU: 55555554\n[105954.384929] Call Trace:\n[105954.384931]  \u003cIRQ\u003e\n[105954.384934]  qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\n[105954.384962]  ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\n[105954.384980]  ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\n[105954.384999]  ? __wake_up_common+0x80/0x190\n[105954.385004]  ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\n[105954.385023]  ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\n[105954.385040]  ? __handle_irq_event_percpu+0x3d/0x190\n[105954.385044]  ? handle_irq_event+0x58/0xb0\n[105954.385046]  ? handle_edge_irq+0x93/0x240\n[105954.385050]  ? __common_interrupt+0x41/0xa0\n[105954.385055]  ? common_interrupt+0x3e/0xa0\n[105954.385060]  ? asm_common_interrupt+0x22/0x40\n\nThe root cause of this was that there was a free (dma_free_attrs) in the\ninterrupt context.  There was a device discovery/fabric scan in\nprogress.  A module unload was issued which set the UNLOADING flag.  As\npart of the discovery, after receiving an interrupt a work queue was\nscheduled (which involved a work to be queued).  Since the UNLOADING\nflag is set, the work item was not allocated and the mapped memory had\nto be freed.  The free occurred in interrupt context leading to system\ncrash.  Delay the driver unload until the fabric scan is complete to\navoid the crash."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-18T14:53:20.222Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05"
        },
        {
          "url": "https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32"
        },
        {
          "url": "https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853"
        }
      ],
      "title": "scsi: qla2xxx: Delay module unload while fabric scan in progress",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-71235",
    "datePublished": "2026-02-18T14:53:20.222Z",
    "dateReserved": "2026-02-18T14:25:13.845Z",
    "dateUpdated": "2026-02-18T14:53:20.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-71235\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-02-18T16:22:30.293\",\"lastModified\":\"2026-02-18T17:51:53.510\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: qla2xxx: Delay module unload while fabric scan in progress\\n\\nSystem crash seen during load/unload test in a loop.\\n\\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\\n[105954.384923] FS:  0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\\n[105954.384925] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\\n[105954.384928] PKRU: 55555554\\n[105954.384929] Call Trace:\\n[105954.384931]  \u003cIRQ\u003e\\n[105954.384934]  qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\\n[105954.384962]  ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\\n[105954.384980]  ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\\n[105954.384999]  ? __wake_up_common+0x80/0x190\\n[105954.385004]  ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\\n[105954.385023]  ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\\n[105954.385040]  ? __handle_irq_event_percpu+0x3d/0x190\\n[105954.385044]  ? handle_irq_event+0x58/0xb0\\n[105954.385046]  ? handle_edge_irq+0x93/0x240\\n[105954.385050]  ? __common_interrupt+0x41/0xa0\\n[105954.385055]  ? common_interrupt+0x3e/0xa0\\n[105954.385060]  ? asm_common_interrupt+0x22/0x40\\n\\nThe root cause of this was that there was a free (dma_free_attrs) in the\\ninterrupt context.  There was a device discovery/fabric scan in\\nprogress.  A module unload was issued which set the UNLOADING flag.  As\\npart of the discovery, after receiving an interrupt a work queue was\\nscheduled (which involved a work to be queued).  Since the UNLOADING\\nflag is set, the work item was not allocated and the mapped memory had\\nto be freed.  The free occurred in interrupt context leading to system\\ncrash.  Delay the driver unload until the fabric scan is complete to\\navoid the crash.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.