Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2021-47198
HistoryApr 10, 2024 - 6:56 p.m.

CVE-2021-47198 scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine

2024-04-1018:56:33
Linux
www.cve.org
linux kernel
vulnerability
scsi
lpfc
use-after-free
nlp_reg_login_send
lpfc_mbx_cmpl_fc_reg_login

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine

An error is detected with the following report when unloading the driver:
“KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b”

The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the
flag is not cleared upon completion of the login.

This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set
to LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used
as an rpi_ids array index.

Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag in
lpfc_mbx_cmpl_fc_reg_login().

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/lpfc/lpfc_hbadisc.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "dbebf865b323",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "79b20beccea3",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/lpfc/lpfc_hbadisc.c"
    ],
    "versions": [
      {
        "version": "5.15.5",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

redhatcve 1
nvd 1
ubuntucve 1
cve 1
debiancve 1
nessus 11
openvas 6
redhatcve
redhatcve
CVE-2021-47198
2024-04-11 22:01:47
nvd
nvd
CVE-2021-47198
2024-04-10 19:15:47
ubuntucve
ubuntucve
CVE-2021-47198
2024-04-10 00:00:00
cve
cve
CVE-2021-47198
2024-04-10 19:15:47
debiancve
debiancve
CVE-2021-47198
2024-04-10 19:15:47
nessus
nessus
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1650-1)
2024-05-16 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1642-1)
2024-05-15 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)
2024-05-15 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1642-1)
2024-05-24 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1647-1)
2024-05-24 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1641-1)
2024-05-24 00:00:00

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVELIST:CVE-2021-47198
redhatcve1nvd1ubuntucve1cve1debiancve1nessus11openvas6