CVE-2023-53282
Severity: Pending analysis
Type: Not available / Other type
Publication date: 16/09/2025
Last modified: 16/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write

During the sysfs firmware write process, a use-after-free read warning is
logged from the lpfc_wr_object() routine:

BUG: KFENCE: use-after-free read in lpfc_wr_object+0x235/0x310 [lpfc]
Use-after-free read at 0x0000000000cf164d (in kfence-#111):
lpfc_wr_object+0x235/0x310 [lpfc]
lpfc_write_firmware.cold+0x206/0x30d [lpfc]
lpfc_sli4_request_firmware_update+0xa6/0x100 [lpfc]
lpfc_request_firmware_upgrade_store+0x66/0xb0 [lpfc]
kernfs_fop_write_iter+0x121/0x1b0
new_sync_write+0x11c/0x1b0
vfs_write+0x1ef/0x280
ksys_write+0x5f/0xe0
do_syscall_64+0x59/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd

The driver accessed wr_object pointer data, which was initialized into
mailbox payload memory, after the mailbox object was released back to the
mailbox pool.

Fix by moving the mailbox free calls to the end of the routine ensuring
that we don't reference internal mailbox memory after release.
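
The ordering problem described above, as a user-space C model added for illustration; it is not code from the lpfc driver. The pool, the `mbox_*` helpers and the `write_chunk_*` functions are hypothetical names, and poisoning the payload on release stands in for KFENCE making the stale read visible.

```c
#include <stdint.h>
#include <string.h>
/* Constructed user-space model, not lpfc code; every name here is hypothetical. */
#define POOL_SLOTS 4
#define POISON 0xA5 /* written over the payload on release so stale reads show up */

struct wr_rsp { uint32_t status; uint32_t bytes_written; };
struct mbox {
    int in_use;
    union { struct wr_rsp wr; uint8_t raw[64]; } u; /* payload lives inside the mailbox */
};
static struct mbox pool[POOL_SLOTS];

static struct mbox *mbox_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}

static void mbox_free(struct mbox *m) {
    memset(&m->u, POISON, sizeof m->u); /* slot belongs to the pool again */
    m->in_use = 0;
}

/* Stand-in for the device completing the command: the response lands in the payload. */
static void mbox_issue(struct mbox *m, uint32_t len) {
    m->u.wr = (struct wr_rsp){ .status = 0, .bytes_written = len };
}

/* Ordering from the bug description: release first, then read through the payload pointer. */
uint32_t write_chunk_buggy(uint32_t len) {
    struct mbox *m = mbox_alloc();
    if (!m) return 0;
    struct wr_rsp *rsp = &m->u.wr;  /* points into mailbox memory */
    mbox_issue(m, len);
    mbox_free(m);
    return rsp->bytes_written;      /* stale read: returns 0xA5A5A5A5, not len */
}

/* Ordering from the fix: copy out what is needed, release as the last step. */
uint32_t write_chunk_fixed(uint32_t len) {
    struct mbox *m = mbox_alloc();
    if (!m) return 0;
    struct wr_rsp *rsp = &m->u.wr;
    mbox_issue(m, len);
    uint32_t written = rsp->bytes_written;
    mbox_free(m);                   /* no payload access after this point */
    return written;
}
```

In the model the released slot is still mapped, so the stale read returns poison; in the kernel the same slot may already have been handed to another mailbox command, which is why the read is reported as a use-after-free.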