CVE-2021-47473

scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()

Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of
qla2x00_process_els()"), intended to change:

bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN

bsg_job->request->msgcode != FC_BSG_RPT_ELS

but changed it to:

bsg_job->request->msgcode == FC_BSG_RPT_ELS

instead.

Change the == to a != to avoid leaking the fcport structure or freeing
unallocated memory.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: corrige una pérdida de memoria en una ruta de error de qla2x00_process_els() Commit 8c0eb596baa5 ("[SCSI] qla2xxx: corrige una pérdida de memoria en una ruta de error de qla2x00_process_els()" ), destinado a cambiar: bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN bsg_job->request->msgcode != FC_BSG_RPT_ELS pero lo cambió a: bsg_job->request->msgcode == FC_BSG_RPT_ELS en su lugar. Cambie == a != para evitar filtrar la estructura del fcport o liberar memoria no asignada.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-22 CVE Reserved
2024-05-22 CVE Published
2024-05-22 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/8c0eb596baa51f2b43949c698c644727ef17805c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/96f0aebf29be25254fa585af43924e34aa21fd9a	2021-10-27
https://git.kernel.org/stable/c/a7fbb56e6c941d9f59437b96412a348e66388d3e	2021-10-27
https://git.kernel.org/stable/c/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad	2021-10-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.11 < 5.10.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 5.10.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.11 < 5.14.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 5.14.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.11 < 5.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 5.15"		en		Affected