CVE-2024-53227

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 27/12/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20
Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303

Call Trace:
 dump_stack_lvl+0x95/0xe0
 print_report+0xcb/0x620
 kasan_report+0xbd/0xf0
 __lock_acquire+0x2aca/0x3a20
 lock_acquire+0x19b/0x520
 _raw_spin_lock+0x2b/0x40
 attribute_container_unregister+0x30/0x160
 fc_release_transport+0x19/0x90 [scsi_transport_fc]
 bfad_im_module_exit+0x23/0x60 [bfa]
 bfad_init+0xdb/0xff0 [bfa]
 do_one_initcall+0xdc/0x550
 do_init_module+0x22d/0x6b0
 load_module+0x4e96/0x5ff0
 init_module_from_file+0xcd/0x130
 idempotent_init_module+0x330/0x620
 __x64_sys_finit_module+0xb3/0x110
 do_syscall_64+0xc1/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Allocated by task 25303:
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 __kasan_kmalloc+0x7f/0x90
 fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]
 bfad_im_module_init+0x17/0x80 [bfa]
 bfad_init+0x23/0xff0 [bfa]
 do_one_initcall+0xdc/0x550
 do_init_module+0x22d/0x6b0
 load_module+0x4e96/0x5ff0
 init_module_from_file+0xcd/0x130
 idempotent_init_module+0x330/0x620
 __x64_sys_finit_module+0xb3/0x110
 do_syscall_64+0xc1/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 25303:
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 kasan_save_free_info+0x3b/0x60
 __kasan_slab_free+0x38/0x50
 kfree+0x212/0x480
 bfad_im_module_init+0x7e/0x80 [bfa]
 bfad_init+0x23/0xff0 [bfa]
 do_one_initcall+0xdc/0x550
 do_init_module+0x22d/0x6b0
 load_module+0x4e96/0x5ff0
 init_module_from_file+0xcd/0x130
 idempotent_init_module+0x330/0x620
 __x64_sys_finit_module+0xb3/0x110
 do_syscall_64+0xc1/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Above issue happens as follows:

bfad_init
  error = bfad_im_module_init()
    fc_release_transport(bfad_im_scsi_transport_template);
  if (error)
    goto ext;

ext:
  bfad_im_module_exit();
    fc_release_transport(bfad_im_scsi_transport_template);
    --> Trigger double release

Don't call bfad_im_module_exit() if bfad_im_module_init() failed.
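The call flow above, reduced to a userspace model (an added example, not the bfa driver's code or the upstream patch). All names are hypothetical stand-ins, and the flag that makes a later init step fail is an assumption used to reach the error path; a release of an already-freed object is counted instead of performed, which is the point where KASAN reports in the kernel.

```c
/* Userspace model of the bfad_init() error path. Not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct tmpl { bool live; };          /* stand-in for the transport template */
static struct tmpl slot;             /* models the slab object */
static struct tmpl *im_template;     /* models bfad_im_scsi_transport_template */
static int stale_releases;           /* releases of an already-freed object */

static struct tmpl *attach_transport(void) { slot.live = true; return &slot; }

static void release_transport(struct tmpl *t)
{
    if (!t->live) {                  /* KASAN would report at this access */
        stale_releases++;
        return;
    }
    t->live = false;                 /* models kfree() */
}

/* Init cleans up after itself on failure but leaves the pointer set. */
static int im_module_init(bool later_step_fails)
{
    im_template = attach_transport();
    if (later_step_fails) {          /* assumed failure injection */
        release_transport(im_template);
        return -1;
    }
    return 0;
}

static void im_module_exit(void) { release_transport(im_template); }

/* Returns the number of stale releases seen during one load attempt. */
int load_module_model(bool init_fails, bool exit_after_failed_init)
{
    stale_releases = 0;
    if (im_module_init(init_fails) && exit_after_failed_init)
        im_module_exit();            /* the pre-fix "goto ext" path */
    return stale_releases;
}

int main(void)
{
    printf("before fix: %d stale release(s)\n", load_module_model(true, true));
    printf("after fix:  %d stale release(s)\n", load_module_model(true, false));
    return 0;
}
```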

Vulnerable products and versions

CPE                                             From                 Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    2.6.32 (including)   4.19.325 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    4.20 (including)     5.4.287 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.5 (including)      5.10.231 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.11 (including)     5.15.174 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.16 (including)     6.1.120 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.2 (including)      6.6.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.7 (including)      6.11.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.12 (including)     6.12.2 (excluding)