Wind River Support Network

Acknowledged

LIN1022-17981 : Security Advisory - linux - CVE-2025-39841

Created: Sep 21, 2025    Updated: Sep 23, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix buffer free/clear order in deferred receive path

Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF.

Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same.
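The two release orders described above, as an added user-space example (not code from the lpfc driver or the upstream fix). All names are hypothetical, the "free" only counts releases so the double release can be observed safely, and the `window` callback stands in for a concurrent path being scheduled at that point.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical stand-ins, not lpfc structures. */
struct rq_buf { int frees; };            /* counts releases instead of calling free() */
struct io_ctx { pthread_mutex_t lock; struct rq_buf *rqb; /* shared context pointer */ };

static void rq_buf_free(struct rq_buf *b) { b->frees++; }

/* A concurrent path (e.g. abort handling): inspect and release under the lock. */
static void concurrent_release(struct io_ctx *c)
{
    pthread_mutex_lock(&c->lock);
    if (c->rqb) {
        rq_buf_free(c->rqb);
        c->rqb = NULL;
    }
    pthread_mutex_unlock(&c->lock);
}

/* Old order: free first, clear the pointer under the lock afterwards. */
static void deferred_release_old(struct io_ctx *c, void (*window)(struct io_ctx *))
{
    rq_buf_free(c->rqb);                 /* buffer released, pointer still published */
    window(c);                           /* concurrent path sees a stale non-NULL pointer */
    pthread_mutex_lock(&c->lock);
    c->rqb = NULL;
    pthread_mutex_unlock(&c->lock);
}

/* Corrected order: detach under the lock, free after dropping it. */
static void deferred_release_fixed(struct io_ctx *c, void (*window)(struct io_ctx *))
{
    struct rq_buf *b;
    pthread_mutex_lock(&c->lock);
    b = c->rqb;                          /* take ownership */
    c->rqb = NULL;                       /* nobody else can find the buffer now */
    pthread_mutex_unlock(&c->lock);
    window(c);                           /* concurrent path sees NULL and does nothing */
    if (b) rq_buf_free(b);
}

/* Runs one deferred release with the concurrent path interleaved; returns release count. */
int frees_after(int fixed)
{
    struct rq_buf b = { 0 };
    struct io_ctx c = { PTHREAD_MUTEX_INITIALIZER, &b };
    (fixed ? deferred_release_fixed : deferred_release_old)(&c, concurrent_release);
    return b.frees;
}
```

With the old order the buffer is released twice; with the detach-then-free order it is released exactly once regardless of where the concurrent path runs.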