Severity
7.8HIGH
EPSS
0.0%
top 99.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 4
Latest updateMar 10
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix bsg_done() causing double free
Kernel panic observed on system,
[5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000
[5353358.825194] #PF: supervisor write access in kernel mode
[5353358.825195] #PF: error_code(0x0002) - not-present page
[5353358.825196] PGD 100006067 P4D 0
[5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI
[5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.su…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
▶CVEListV5linux/linux1b81e7f3019d632a707e07927e946ffbbc102910 — 057a5bdc481e58ab853117254867ffb22caf9f6e+8
Patches
🔴Vulnerability Details
3OSV▶
CVE-2025-71238: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system,↗2026-03-04
GHSA▶
GHSA-7hgf-78m2-x598: In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix bsg_done() causing double free
Kernel panic observed on syste↗2026-03-04
📋Vendor Advisories
3🕵️Threat Intelligence
1💬Community
1Bugzilla▶
CVE-2025-71238 kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation.↗2026-03-04