CVE-2025-71235

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000 [105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0 [105954.384928] PKRU: 55555554 [105954.384929] Call Trace: [105954.384931] <IRQ> [105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx] [105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx] [105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx] [105954.384999] ? __wake_up_common+0x80/0x190 [105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx] [105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx] [105954.385040] ? __handle_irq_event_percpu+0x3d/0x190 [105954.385044] ? handle_irq_event+0x58/0xb0 [105954.385046] ? handle_edge_irq+0x93/0x240 [105954.385050] ? __common_interrupt+0x41/0xa0 [105954.385055] ? common_interrupt+0x3e/0xa0 [105954.385060] ? asm_common_interrupt+0x22/0x40 The root cause of this was that there was a free (dma_free_attrs) in the interrupt context. There was a device discovery/fabric scan in progress. A module unload was issued which set the UNLOADING flag. As part of the discovery, after receiving an interrupt a work queue was scheduled (which involved a work to be queued). Since the UNLOADING flag is set, the work item was not allocated and the mapped memory had to be freed. The free occurred in interrupt context leading to system crash. Delay the driver unload until the fabric scan is complete to avoid the crash.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05	Patch
https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853	Patch
https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62	Patch
https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49	Patch
https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8	Patch
https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a	Patch
https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32	Patch
https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

18 Mar 2026, 17:07

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05 -~~	() https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05 - Patch
References	~~() https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853 -~~	() https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853 - Patch
References	~~() https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62 -~~	() https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62 - Patch
References	~~() https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49 -~~	() https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49 - Patch
References	~~() https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8 -~~	() https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8 - Patch
References	~~() https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a -~~	() https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a - Patch
References	~~() https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32 -~~	() https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32 - Patch
References	~~() https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b -~~	() https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b - Patch
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo

23 Feb 2026, 04:15

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: scsi: qla2xxx: Retrasar la descarga del módulo mientras el escaneo de la estructura está en progreso Fallo del sistema observado durante la prueba de carga/descarga en un bucle. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000 [105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0 [105954.384928] PKRU: 55555554 [105954.384929] Call Trace: [105954.384931] [105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx] [105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx] [105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx] [105954.384999] ? __wake_up_common+0x80/0x190 [105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx] [105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx] [105954.385040] ? __handle_irq_event_percpu+0x3d/0x190 [105954.385044] ? handle_irq_event+0x58/0xb0 [105954.385046] ? handle_edge_irq+0x93/0x240 [105954.385050] ? __common_interrupt+0x41/0xa0 [105954.385055] ? common_interrupt+0x3e/0xa0 [105954.385060] ? asm_common_interrupt+0x22/0x40 La causa raíz de esto fue que hubo una liberación (dma_free_attrs) en el contexto de interrupción. Había un descubrimiento de dispositivo/escaneo de la estructura en progreso. Se emitió una descarga de módulo que estableció la bandera UNLOADING. Como parte del descubrimiento, después de recibir una interrupción, se programó una cola de trabajo (lo que implicó un trabajo a encolar). Dado que la bandera UNLOADING está establecida, el elemento de trabajo no fue asignado y la memoria mapeada tuvo que ser liberada. La liberación ocurrió en el contexto de interrupción, lo que llevó a un fallo del sistema. Retrasar la descarga del controlador hasta que el escaneo de la estructura esté completo para evitar el fallo.
References		() https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62 -

19 Feb 2026, 16:27

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49 - () https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8 - () https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b -

18 Feb 2026, 16:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 16:22

Updated : 2026-03-18 17:07

NVD link : CVE-2025-71235

Mitre link : CVE-2025-71235

CVE.ORG link : CVE-2025-71235

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10