CVE-2024-42289 – scsi: qla2xxx: During vport delete send async logout explicitly
https://notcve.org/view.php?id=CVE-2024-42289
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI Workqueue: qla2xxx_wq qla_do_work [qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8 R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0 Call Trace: <TASK> qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830 ? newidle_balance+0x2f0/0x430 ? • https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52 https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313 https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7 https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce •
CVE-2024-42288 – scsi: qla2xxx: Fix for possible memory corruption
https://notcve.org/view.php?id=CVE-2024-42288
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB • https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a •
CVE-2024-42286 – scsi: qla2xxx: validate nvme_local_port correctly
https://notcve.org/view.php?id=CVE-2024-42286
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000 RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000 RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030 R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4 R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8 FS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0 Call Trace: qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx] ? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx] qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx] qla_register_fcport_fn+0x54/0xc0 [qla2xxx] Exit the qla_nvme_register_remote() function when qla_nvme_register_hba() fails and correctly validate nvme_local_port. • https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430 https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5 https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213 •
CVE-2024-42285 – RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
https://notcve.org/view.php?id=CVE-2024-42285
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished. • https://git.kernel.org/stable/c/59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6 https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574 https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79 https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6 https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5 https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0e •
CVE-2024-42284 – tipc: Return non-zero value from tipc_udp_addr2str() on error
https://notcve.org/view.php?id=CVE-2024-42284
In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. • https://git.kernel.org/stable/c/d0f91938bede204a343473792529e0db7d599836 https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8 https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69 https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813 https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28 https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0 • CWE-393: Return of Wrong Status Code •