CVE-2024-49891

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths

When the HBA is undergoing a reset or is handling an errata event, NULL ptr dereference crashes may occur in routines such as lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or lpfc_abort_handler().

Add NULL ptr checks before dereferencing hdwq pointers that may have been freed due to operations colliding with a reset or errata event handler.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux895427bd012ce5814fc9888c7c0ee9de44761833 < 5873aa7f814754085d418848b2089ef406a02dd0affected
LinuxLinux895427bd012ce5814fc9888c7c0ee9de44761833 < 232a138bd843d48cb2368f604646d990db7640f3affected
LinuxLinux895427bd012ce5814fc9888c7c0ee9de44761833 < 99a801e2fca39a6f31e543fc3383058a8955896faffected
LinuxLinux895427bd012ce5814fc9888c7c0ee9de44761833 < fd665c8dbdb19548965b0ae80c490de00e906366affected
LinuxLinux895427bd012ce5814fc9888c7c0ee9de44761833 < 2be1d4f11944cd6283cb97268b3e17c4424945caaffected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References