CVE-2021-47203

2024-04-1019:15:48

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

scsi

lpfc driver

vulnerability

list corruption

fix

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local “fail_msg” string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since “fail_msg” remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter. If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 5.15.5-1linux_5.15.5-1_all.deb
Debian11alllinux< 5.10.84-1linux_5.10.84-1_all.deb
Debian10alllinux< 4.19.232-1linux_4.19.232-1_all.deb
Debian999alllinux< 5.15.5-1linux_5.15.5-1_all.deb
Debian13alllinux< 5.15.5-1linux_5.15.5-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 5.15.5-1	linux_5.15.5-1_all.deb
Debian	11	all	linux	< 5.10.84-1	linux_5.10.84-1_all.deb
Debian	10	all	linux	< 4.19.232-1	linux_4.19.232-1_all.deb
Debian	999	all	linux	< 5.15.5-1	linux_5.15.5-1_all.deb
Debian	13	all	linux	< 5.15.5-1	linux_5.15.5-1_all.deb