CVE-2025-71235

5.5

MEDIUM CVSS 3.1

scsi: qla2xxx: Delay module unload while fabric scan in progress

Overview
Vulnerability Timeline

Overview

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000 [105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0 [105954.384928] PKRU: 55555554 [105954.384929] Call Trace: [105954.384931] <IRQ> [105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx] [105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx] [105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx] [105954.384999] ? __wake_up_common+0x80/0x190 [105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx] [105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx] [105954.385040] ? __handle_irq_event_percpu+0x3d/0x190 [105954.385044] ? handle_irq_event+0x58/0xb0 [105954.385046] ? handle_edge_irq+0x93/0x240 [105954.385050] ? __common_interrupt+0x41/0xa0 [105954.385055] ? common_interrupt+0x3e/0xa0 [105954.385060] ? asm_common_interrupt+0x22/0x40 The root cause of this was that there was a free (dma_free_attrs) in the interrupt context. There was a device discovery/fabric scan in progress. A module unload was issued which set the UNLOADING flag. As part of the discovery, after receiving an interrupt a work queue was scheduled (which involved a work to be queued). Since the UNLOADING flag is set, the work item was not allocated and the mapped memory had to be freed. The free occurred in interrupt context leading to system crash. Delay the driver unload until the fabric scan is complete to avoid the crash.

Details

INFO

Published Date :

Feb. 18, 2026, 4:22 p.m.

Last Modified :

March 18, 2026, 5:07 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Impact

Affected Products

The following products are affected by CVE-2025-71235 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product	Action
1	Linux	linux_kernel

: Total Affected Vendor : 1 | Products : 1

Scoring

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	MEDIUM				[email protected]

Solution

Delay module unload during fabric scan to prevent system crashes from memory deallocation in interrupt context.

Apply the patch to delay driver unload.
Ensure fabric scan completes before unloading the module.
Test load/unload cycles after applying the fix.

References

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-71235.

URL	Resource
https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05	Patch
https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853	Patch
https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62	Patch
https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49	Patch
https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8	Patch
https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a	Patch
https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32	Patch
https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b	Patch

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-71235 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-71235 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-71235 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-71235 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Initial Analysis by [email protected]

Mar. 18, 2026

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE	NVD-CWE-noinfo
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.19 up to (excluding) 6.19.1 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.1.164 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.11 up to (excluding) 5.15.201 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.2 up to (excluding) 6.6.125 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.7 up to (excluding) 6.12.72 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.13 up to (excluding) 6.18.11 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.8 up to (excluding) 5.10.251
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b Types: Patch

CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Feb. 23, 2026

Action	Type	Old Value	New Value
Added	Reference		https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62

CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Feb. 19, 2026

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49
Added	Reference	https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8
Added	Reference	https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b

New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Feb. 18, 2026

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0 [105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000 [105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000 [105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0 [105954.384928] PKRU: 55555554 [105954.384929] Call Trace: [105954.384931] <IRQ> [105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx] [105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx] [105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx] [105954.384999] ? __wake_up_common+0x80/0x190 [105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx] [105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx] [105954.385040] ? __handle_irq_event_percpu+0x3d/0x190 [105954.385044] ? handle_irq_event+0x58/0xb0 [105954.385046] ? handle_edge_irq+0x93/0x240 [105954.385050] ? __common_interrupt+0x41/0xa0 [105954.385055] ? common_interrupt+0x3e/0xa0 [105954.385060] ? asm_common_interrupt+0x22/0x40 The root cause of this was that there was a free (dma_free_attrs) in the interrupt context. There was a device discovery/fabric scan in progress. A module unload was issued which set the UNLOADING flag. As part of the discovery, after receiving an interrupt a work queue was scheduled (which involved a work to be queued). Since the UNLOADING flag is set, the work item was not allocated and the mapped memory had to be freed. The free occurred in interrupt context leading to system crash. Delay the driver unload until the fabric scan is complete to avoid the crash.
Added	Reference	https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05
Added	Reference	https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853
Added	Reference	https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a
Added	Reference	https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CVE-2025-71235

scsi: qla2xxx: Delay module unload while fabric scan in progress

Description

INFO

Feb. 18, 2026, 4:22 p.m.

March 18, 2026, 5:07 p.m.

No

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Products

CVSS Scores

Solution

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Initial Analysis by [email protected]

CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Vulnerability Scoring Details

Base CVSS Score: 5.5

Browse by Apps

CVE-2025-71235

scsi: qla2xxx: Delay module unload while fabric scan in progress

Description

INFO

Feb. 18, 2026, 4:22 p.m.

March 18, 2026, 5:07 p.m.

No

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Products

CVSS Scores

Solution

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Initial Analysis by [email protected]

CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Vulnerability Scoring Details

Base CVSS Score: 5.5

Cookie Preferences