In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025091902-CVE-2025-39841-2c0f@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:18281 https://access.redhat.com/errata/RHSA-2025:18281
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:18318 https://access.redhat.com/errata/RHSA-2025:18318
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:19103 https://access.redhat.com/errata/RHSA-2025:19103
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:19102 https://access.redhat.com/errata/RHSA-2025:19102
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:21083 https://access.redhat.com/errata/RHSA-2025:21083
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:21084 https://access.redhat.com/errata/RHSA-2025:21084
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:21112 https://access.redhat.com/errata/RHSA-2025:21112
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:21118 https://access.redhat.com/errata/RHSA-2025:21118
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:22661 https://access.redhat.com/errata/RHSA-2025:22661
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:22997 https://access.redhat.com/errata/RHSA-2025:22997
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:22995 https://access.redhat.com/errata/RHSA-2025:22995
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:22999 https://access.redhat.com/errata/RHSA-2025:22999
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:22996 https://access.redhat.com/errata/RHSA-2025:22996
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:23445 https://access.redhat.com/errata/RHSA-2025:23445
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:23463 https://access.redhat.com/errata/RHSA-2025:23463