CVE-2025-38238

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel related to the Fibre Channel Network Interface Card (fnic) driver. A crash can occur in the fnic wq cmpl handler function when Fibre Distributed Memory Interface (FDMI) requests from both the Remote Host Bus Adapter (RHBA) and Remote Port Adapter (RPA) time out. This happens because the driver attempts to free the same memory frame twice when resending ABTS (Abort Block Transfer Sequence) commands. The issue was addressed by allocating separate frames for RHBA and RPA requests and modifying the ABTS logic. Testing involved dropping various responses (PLOGI, RHBA, RPA) and combinations thereof, along with ABTS responses, to verify the fix.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.