Acknowledged
Created: Sep 4, 2025
Updated: Sep 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure[EOL][EOL]If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the[EOL]resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may[EOL]occur before sli4_hba.hdwqs are allocated. This may result in a null[EOL]pointer dereference when attempting to take the abts_io_buf_list_lock for[EOL]the first hardware queue. Fix by adding a null ptr check on[EOL]phba->sli4_hba.hdwq and early return because this situation means there[EOL]must have been an error during port initialization.
CREATE(Triage):(User=admin) [CVE-2025-38695 (https://nvd.nist.gov/vuln/detail/CVE-2025-38695)
