CVE-2025-71232

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-284.11.1.el9 2

Description The Linux kernel contains a flaw related to the qla2xxx SCSI driver. A system crash can occur during load/unload testing due to improper handling of memory allocation and deallocation within the driver, specifically when freeing spinlocks in an error path. This issue is triggered during the shutdown process of the qla2xxx module, leading to a kernel panic. The error message indicates that objects remain in the qla2xxx srbs slab cache when the cache is destroyed.

Recommendations Update the Linux kernel to version 5.14.0-284.11.1.el9 2 or later.

Exploit

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2025-71232

ECHO-C727-C01B-5D8C

OESA-2026-1566

OESA-2026-1567

OESA-2026-1570

OPENSUSE-SU-2026:10387-1

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

Affected Products

Linux Kernel

Qla2Xxx

CVE-2025-71232

Weakness Enumeration

Related Identifiers

Affected Products

References · 1674