CVE-2025-38289

{"id": "CVE-2025-38289", "cveTags": [], "metrics": {}, "published": "2025-07-10T08:15:27.470", "references": [{"url": "https://git.kernel.org/stable/c/4f09940b5581e44069eb31a66cf7f05c3c35ed04", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b5162bb6aa1ec04dff4509b025883524b6d7e7ca", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ea405fb4144985d5c60f49c2abd9ba47ea44fdb4", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk\n\nSmatch detected a potential use-after-free of an ndlp oject in\ndev_loss_tmo_callbk during driver unload or fatal error handling.\n\nFix by reordering code to avoid potential use-after-free if initial\nnodelist reference has been previously removed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Evitar un posible use-after-free de ndlp en dev_loss_tmo_callbk. Smatch detect\u00f3 un posible use-after-free de un objeto ndlp en dev_loss_tmo_callbk durante la descarga del controlador o la gesti\u00f3n de errores fatales. Se solucion\u00f3 reordenando el c\u00f3digo para evitar un posible use-after-free si se elimin\u00f3 previamente la referencia inicial a la lista de nodos."}], "lastModified": "2025-07-10T15:15:28.170", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}