CVE-2025-39841

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue in the SCSI Low-Level Fibre Channel (lpfc) driver. A buffer release sequence error in the deferred receive path could lead to a double-free or use-after-free condition. The issue occurs because the RQ buffer was freed before the context pointer was cleared under lock, potentially allowing concurrent paths to access the released memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.