In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the
routine unconditionally frees submitted mailbox commands regardless of
return status. The issue is that for MBX_TIMEOUT cases, when firmware
returns SFP information at a later time, that same mailbox memory region
references previously freed memory in its cmpl routine.
Fix by adding checks for the MBX_TIMEOUT return code. During mailbox
resource cleanup, check the mbox flag to make sure that the wait did not
timeout. If the MBOX_WAKE flag is not set, then do not free the resources
because it will be freed when firmware completes the mailbox at a later
time in its cmpl routine.
Also, increase the timeout from 30 to 60 seconds to accommodate boot
scripts requiring longer timeouts.
References
Configurations
History
08 Oct 2024, 18:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linux linux Kernel
Linux |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | CWE-416 | |
References | () https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58 - Patch | |
References | () https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 - Patch | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
30 Sep 2024, 12:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
27 Sep 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-27 13:15
Updated : 2024-10-08 18:22
NVD link : CVE-2024-46842
Mitre link : CVE-2024-46842
CVE.ORG link : CVE-2024-46842
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free