CVE-2024-43821

2024-08-1700:00:00

ubuntu.com

linux kernel

vulnerability

cve-2024-43821

null pointer dereference

scsi lpfc

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

JSON

In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix a possible null pointer dereference
In function lpfc_xcvr_data_show, the memory allocation with kmalloc might
fail, thereby making rdp_context a null pointer. In the following context
and functions that use this pointer, there are dereferencing operations,
leading to null pointer dereference.
To fix this issue, a null pointer check should be added. If it is null,
use scnprintf to notify the user and return len.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-azure< anyUNKNOWN
ubuntu24.04noarchlinux-gcp< anyUNKNOWN
ubuntu24.04noarchlinux-gke< anyUNKNOWN
ubuntu22.04noarchlinux-hwe-6.8< anyUNKNOWN
ubuntu24.04noarchlinux-ibm< anyUNKNOWN
ubuntu24.04noarchlinux-intel< anyUNKNOWN
ubuntu24.04noarchlinux-lowlatency< anyUNKNOWN
ubuntu22.04noarchlinux-lowlatency-hwe-6.8< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gcp	< any	UNKNOWN
ubuntu	24.04	noarch	linux-gke	< any	UNKNOWN
ubuntu	22.04	noarch	linux-hwe-6.8	< any	UNKNOWN
ubuntu	24.04	noarch	linux-ibm	< any	UNKNOWN
ubuntu	24.04	noarch	linux-intel	< any	UNKNOWN
ubuntu	24.04	noarch	linux-lowlatency	< any	UNKNOWN
ubuntu	22.04	noarch	linux-lowlatency-hwe-6.8	< any	UNKNOWN