CVE-2024-42289
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
17/08/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
scsi: qla2xxx: During vport delete send async logout explicitly<br />
<br />
During vport delete, it is observed that during unload we hit a crash<br />
because of stale entries in outstanding command array. For all these stale<br />
I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but<br />
I/Os could not complete while vport delete is in process of deleting.<br />
<br />
BUG: kernel NULL pointer dereference, address: 000000000000001c<br />
#PF: supervisor read access in kernel mode<br />
#PF: error_code(0x0000) - not-present page<br />
PGD 0 P4D 0<br />
Oops: 0000 [#1] PREEMPT SMP NOPTI<br />
Workqueue: qla2xxx_wq qla_do_work [qla2xxx]<br />
RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0<br />
RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046<br />
RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001<br />
RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0<br />
RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8<br />
R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000<br />
R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000<br />
FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0<br />
Call Trace:<br />
<br />
qla2xxx_qpair_sp_free_dma+0x417/0x4e0<br />
? qla2xxx_qpair_sp_compl+0x10d/0x1a0<br />
? qla2x00_status_entry+0x768/0x2830<br />
? newidle_balance+0x2f0/0x430<br />
? dequeue_entity+0x100/0x3c0<br />
? qla24xx_process_response_queue+0x6a1/0x19e0<br />
? __schedule+0x2d5/0x1140<br />
? qla_do_work+0x47/0x60<br />
? process_one_work+0x267/0x440<br />
? process_one_work+0x440/0x440<br />
? worker_thread+0x2d/0x3d0<br />
? process_one_work+0x440/0x440<br />
? kthread+0x156/0x180<br />
? set_kthread_struct+0x50/0x50<br />
? ret_from_fork+0x22/0x30<br />
<br />
<br />
Send out async logout explicitly for all the ports during vport delete.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.320 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.282 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.224 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.165 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.103 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.44 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe
- https://git.kernel.org/stable/c/171ac4b495f9473bc134356a00095b47e6409e52
- https://git.kernel.org/stable/c/76f480d7c717368f29a3870f7d64471ce0ff8fb2
- https://git.kernel.org/stable/c/87c25fcb95aafabb6a4914239f4ab41b07a4f9b7
- https://git.kernel.org/stable/c/b12c54e51ba83c1fbc619d35083d7872e42ecdef
- https://git.kernel.org/stable/c/b35d6d5a2f38605cddea7d5c64cded894fbe8ede
- https://git.kernel.org/stable/c/d28a2075bb530489715a3b011e1dd8765ba20313
- https://git.kernel.org/stable/c/e5ed6a26ffdec0c91cf0b6138afbd675c00ad5fc
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html