cve/published/2021/CVE-2021-46963.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-46963: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()

     RIP: 0010:kmem_cache_free+0xfa/0x1b0
     Call Trace:
        qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx]
        scsi_queue_rq+0x5e2/0xa40
        __blk_mq_try_issue_directly+0x128/0x1d0
        blk_mq_request_issue_directly+0x4e/0xb0

 Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now
 allocated by upper layers. This fixes smatch warning of srb unintended
 free.

 The Linux kernel CVE team has assigned CVE-2021-46963 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.19.90 with commit 64a8c5018a4b21b04a756a56c495ef47c14e92d9 and fixed in 4.19.191 with commit c5ab9b67d8b061de74e2ca51bf787ee599bd7f89
 	Issue introduced in 5.4.4 with commit dea6ee7173039d489977c9ed92e3749154615db4 and fixed in 5.4.118 with commit 77509a238547863040a42d57c72403f7d4c89a8f
 	Issue introduced in 5.5 with commit af2a0c51b1205327f55a7e82e530403ae1d42cbb and fixed in 5.10.36 with commit 702cdaa2c6283c135ef16d52e0e4e3c1005aa538
 	Issue introduced in 5.5 with commit af2a0c51b1205327f55a7e82e530403ae1d42cbb and fixed in 5.11.20 with commit 80ef24175df2cba3860d0369d1c662b49ee2de56
 	Issue introduced in 5.5 with commit af2a0c51b1205327f55a7e82e530403ae1d42cbb and fixed in 5.12.3 with commit a73208e3244127ef9f2cdf24e4adb947aaa32053
 	Issue introduced in 5.5 with commit af2a0c51b1205327f55a7e82e530403ae1d42cbb and fixed in 5.13 with commit 6641df81ab799f28a5d564f860233dd26cca0d93
 	Issue introduced in 5.3.17 with commit 4a1cc2f71bc57cf8dee6f58e7d2355a43aabb312

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-46963
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/scsi/qla2xxx/qla_os.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89
 	https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f
 	https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538
 	https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56
 	https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053
 	https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-46963: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()

	RIP: 0010:kmem_cache_free+0xfa/0x1b0
	Call Trace:
	qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx]
	scsi_queue_rq+0x5e2/0xa40
	__blk_mq_try_issue_directly+0x128/0x1d0
	blk_mq_request_issue_directly+0x4e/0xb0

	Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now
	allocated by upper layers. This fixes smatch warning of srb unintended
	free.

	The Linux kernel CVE team has assigned CVE-2021-46963 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.19.90 with commit 64a8c5018a4b21b04a756a56c495ef47c14e92d9 and fixed in 4.19.191 with commit c5ab9b67d8b061de74e2ca51bf787ee599bd7f89
	Issue introduced in 5.4.4 with commit dea6ee7173039d489977c9ed92e3749154615db4 and fixed in 5.4.118 with commit 77509a238547863040a42d57c72403f7d4c89a8f
	Issue introduced in 5.5 with commit af2a0c51b1205327f55a7e82e530403ae1d42cbb and fixed in 5.10.36 with commit 702cdaa2c6283c135ef16d52e0e4e3c1005aa538
	Issue introduced in 5.5 with commit af2a0c51b1205327f55a7e82e530403ae1d42cbb and fixed in 5.11.20 with commit 80ef24175df2cba3860d0369d1c662b49ee2de56
	Issue introduced in 5.5 with commit af2a0c51b1205327f55a7e82e530403ae1d42cbb and fixed in 5.12.3 with commit a73208e3244127ef9f2cdf24e4adb947aaa32053
	Issue introduced in 5.5 with commit af2a0c51b1205327f55a7e82e530403ae1d42cbb and fixed in 5.13 with commit 6641df81ab799f28a5d564f860233dd26cca0d93
	Issue introduced in 5.3.17 with commit 4a1cc2f71bc57cf8dee6f58e7d2355a43aabb312

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-46963
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/scsi/qla2xxx/qla_os.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89
	https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f
	https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538
	https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56
	https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053
	https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93