In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local “fail_msg” string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since “fail_msg” remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter. If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 5.15.5-1 | linux_5.15.5-1_all.deb |
Debian | 11 | all | linux | < 5.10.84-1 | linux_5.10.84-1_all.deb |
Debian | 10 | all | linux | < 4.19.232-1 | linux_4.19.232-1_all.deb |
Debian | 999 | all | linux | < 5.15.5-1 | linux_5.15.5-1_all.deb |
Debian | 13 | all | linux | < 5.15.5-1 | linux_5.15.5-1_all.deb |