CVE-2021-47565

scsi: mpt3sas: Fix kernel panic during drive powercycle test

Severity Score

4.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one
of the drives is getting removed and its sas_target object is
freed but its sdev object remains intact. Consequently, a kernel panic can occur while the driver is trying to access
the sas_address field of sas_target object without also checking the
sas_target object for NULL.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: mpt3sas: solucionó el pánico del kernel durante la prueba de ciclo de energía de la unidad. Mientras se recorre la lista sdev de shost, es posible que una de las unidades se esté eliminando y su objeto sas_target se libere pero su objeto sdev permanece intacta. En consecuencia, puede ocurrir un pánico en el kernel mientras el controlador intenta acceder al campo sas_address del objeto sas_target sin verificar también si el objeto sas_target es NULL.

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object remains intact. Consequently, a kernel panic can occur while the driver is trying to access the sas_address field of sas_target object without also checking the sas_target object for NULL.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-24 CVE Reserved
2024-05-24 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/f92363d12359498f9a9960511de1a550f0ec41c2	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5d4d50b1f159a5ebab7617f47121b4370aa58afe	2021-12-08
https://git.kernel.org/stable/c/58ef2c7a6de13721865d84b80eecf56d6cba0937	2021-12-08
https://git.kernel.org/stable/c/dd035ca0e7a142870a970d46b1d19276cfe2bc8c	2021-12-08
https://git.kernel.org/stable/c/0d4b29eaadc1f59cec0c7e85eae77d08fcca9824	2021-12-01
https://git.kernel.org/stable/c/7e324f734a914957b8cc3ff4b4c9f0409558adb5	2021-12-01
https://git.kernel.org/stable/c/2bf9c5a5039c8f4b037236aed505e6a25c1d5f7b	2021-12-01
https://git.kernel.org/stable/c/8485649a7655e791a6e4e9f15b4d30fdae937184	2021-12-01
https://git.kernel.org/stable/c/0ee4ba13e09c9d9c1cb6abb59da8295d9952328b	2021-11-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 4.4.294 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 4.4.294"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 4.9.292 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 4.9.292"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 4.14.257 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 4.14.257"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 4.19.219 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 4.19.219"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.4.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.4.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.10.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.10.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.15.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.15.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.16"		en		Affected