Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-46842
HistorySep 27, 2024 - 1:15 p.m.

CVE-2024-46842

2024-09-2713:15:16
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
2
JSON

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info

The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the
routine unconditionally frees submitted mailbox commands regardless of
return status. The issue is that for MBX_TIMEOUT cases, when firmware
returns SFP information at a later time, that same mailbox memory region
references previously freed memory in its cmpl routine.

Fix by adding checks for the MBX_TIMEOUT return code. During mailbox
resource cleanup, check the mbox flag to make sure that the wait did not
timeout. If the MBOX_WAKE flag is not set, then do not free the resources
because it will be freed when firmware completes the mailbox at a later
time in its cmpl routine.

Also, increase the timeout from 30 to 60 seconds to accommodate boot
scripts requiring longer timeouts.

Related

cvelist 1
cve 1
debiancve 1
cvelist
cvelist
CVE-2024-46842 scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
2024-09-27 12:39:36
cve
cve
CVE-2024-46842
2024-09-27 13:15:16
debiancve
debiancve
CVE-2024-46842
2024-09-27 13:15:16
JSON
Related for NVD:CVE-2024-46842
cvelist1cve1debiancve1