Use After Free Affecting kernel-zfcpdump-devel package, versions *


Severity

Recommended
low

Based on Red Hat Enterprise Linux security rating

    Threat Intelligence

    EPSS
    0.04% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RHEL8-KERNELZFCPDUMPDEVEL-6335848
  • published 29 Feb 2024
  • disclosed 27 Feb 2024

How to fix?

There is no fixed version for RHEL:8 kernel-zfcpdump-devel.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-zfcpdump-devel package and not the kernel-zfcpdump-devel package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()

RIP: 0010:kmem_cache_free+0xfa/0x1b0
Call Trace:
   qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx]
   scsi_queue_rq+0x5e2/0xa40
   __blk_mq_try_issue_directly+0x128/0x1d0
   blk_mq_request_issue_directly+0x4e/0xb0

Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free.

CVSS Scores

version 3.1
Expand this section

Red Hat

4.4 medium
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    High
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    High
Expand this section

SUSE

5.5 medium