CVE-2021-47473

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()

Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()"), intended to change:

    bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN


    bsg_job->request->msgcode != FC_BSG_RPT_ELS

but changed it to:

    bsg_job->request->msgcode == FC_BSG_RPT_ELS

instead.

Change the == to a != to avoid leaking the fcport structure or freeing unallocated memory.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8c0eb596baa51f2b43949c698c644727ef17805c < 96f0aebf29be25254fa585af43924e34aa21fd9aaffected
LinuxLinux8c0eb596baa51f2b43949c698c644727ef17805c < a7fbb56e6c941d9f59437b96412a348e66388d3eaffected
LinuxLinux8c0eb596baa51f2b43949c698c644727ef17805c < 7fb223d0ad801f633c78cbe42b1d1b55f5d163adaffected
LinuxLinux3.11affected
LinuxLinux0 < 3.11unaffected
LinuxLinux5.10.76 <= 5.10.*unaffected
LinuxLinux5.14.15 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References