ACK: [SRU][N][PATCH 0/1] CVE-2024-53227
Koichiro Den
koichiro.den at canonical.com
Wed Feb 12 12:08:40 UTC 2025
On Tue, Feb 11, 2025 at 03:57:09PM GMT, Bethany Jamison wrote:
> [Impact]
>
> scsi: bfa: Fix use-after-free in bfad_im_module_exit()
>
> There is a slab-use-after-free read of size 8 in __lock_acquire.
> This issue happens as follows:
>
> bfad_init
> error = bfad_im_module_init()
> fc_release_transport(bfad_im_scsi_transport_template);
> if (error)
> goto ext;
>
> ext:
> bfad_im_module_exit();
> fc_release_transport(bfad_im_scsi_transport_template);
> --> Trigger double release
>
> Don't call bfad_im_module_exit() if bfad_im_module_init() failed.
>
> [Fix]
>
> Oracular: pending (6.11.0-17.17)
> Noble: Clean cherry-pick from linux-6.11.y
> Jammy: pending
> Focal: pending
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: won't fix as it is not critical
>
> [Test Case]
>
> Compile tested, lack hardware for further testing.
>
> [Where problems could occur]
>
> This fix affects those who use the QLogic BR-series Fibre Channel Host
> Bus Adapter driver, an issue with this fix would be visible to the user
> via unexpected system behavior.
>
> Ye Bin (1):
> scsi: bfa: Fix use-after-free in bfad_im_module_exit()
>
> drivers/scsi/bfa/bfad.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
Acked-by: Koichiro Den <koichiro.den at canonical.com>
More information about the kernel-team
mailing list