CVE-2024-49891

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths When the HBA is undergoing a reset or is handling an errata event, NULL ptr dereference crashes may occur in routines such as lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or lpfc_abort_handler(). Add NULL ptr checks before dereferencing hdwq pointers that may have been freed due to operations colliding with a reset or errata event handler.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

09 Dec 2024, 13:10

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/232a138bd843d48cb2368f604646d990db7640f3 -

25 Oct 2024, 14:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
References () https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca - () https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca - Patch
References () https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f - () https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f - Patch
References () https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366 - () https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366 - Patch
CWE CWE-476
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

23 Oct 2024, 15:13

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Validar punteros hdwq antes de desreferenciar en rutas de reinicio/errata Cuando el HBA está experimentando un reinicio o está manejando un evento de erratas, pueden ocurrir fallos de desreferencia de ptr NULL en rutinas como lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk() o lpfc_abort_handler(). Agregue verificaciones de ptr NULL antes de desreferenciar punteros hdwq que pueden haberse liberado debido a operaciones que colisionan con un controlador de eventos de reinicio o erratas.

21 Oct 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 18:15

Updated : 2024-12-09 13:10


NVD link : CVE-2024-49891

Mitre link : CVE-2024-49891

CVE.ORG link : CVE-2024-49891


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference