cve/published/2024/CVE-2024-49891.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-49891: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths

 When the HBA is undergoing a reset or is handling an errata event, NULL ptr
 dereference crashes may occur in routines such as
 lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or
 lpfc_abort_handler().

 Add NULL ptr checks before dereferencing hdwq pointers that may have been
 freed due to operations colliding with a reset or errata event handler.

 The Linux kernel CVE team has assigned CVE-2024-49891 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 6.1.120 with commit 5873aa7f814754085d418848b2089ef406a02dd0
 	Fixed in 6.6.64 with commit 232a138bd843d48cb2368f604646d990db7640f3
 	Fixed in 6.10.14 with commit 99a801e2fca39a6f31e543fc3383058a8955896f
 	Fixed in 6.11.3 with commit fd665c8dbdb19548965b0ae80c490de00e906366
 	Fixed in 6.12 with commit 2be1d4f11944cd6283cb97268b3e17c4424945ca

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-49891
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/scsi/lpfc/lpfc_hbadisc.c
 	drivers/scsi/lpfc/lpfc_scsi.c
 	drivers/scsi/lpfc/lpfc_sli.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/5873aa7f814754085d418848b2089ef406a02dd0
 	https://git.kernel.org/stable/c/232a138bd843d48cb2368f604646d990db7640f3
 	https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f
 	https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366
 	https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-49891: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths

	When the HBA is undergoing a reset or is handling an errata event, NULL ptr
	dereference crashes may occur in routines such as
	lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or
	lpfc_abort_handler().

	Add NULL ptr checks before dereferencing hdwq pointers that may have been
	freed due to operations colliding with a reset or errata event handler.

	The Linux kernel CVE team has assigned CVE-2024-49891 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 6.1.120 with commit 5873aa7f814754085d418848b2089ef406a02dd0
	Fixed in 6.6.64 with commit 232a138bd843d48cb2368f604646d990db7640f3
	Fixed in 6.10.14 with commit 99a801e2fca39a6f31e543fc3383058a8955896f
	Fixed in 6.11.3 with commit fd665c8dbdb19548965b0ae80c490de00e906366
	Fixed in 6.12 with commit 2be1d4f11944cd6283cb97268b3e17c4424945ca

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-49891
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/scsi/lpfc/lpfc_hbadisc.c
	drivers/scsi/lpfc/lpfc_scsi.c
	drivers/scsi/lpfc/lpfc_sli.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/5873aa7f814754085d418848b2089ef406a02dd0
	https://git.kernel.org/stable/c/232a138bd843d48cb2368f604646d990db7640f3
	https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f
	https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366
	https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca