Action not permitted
Modal body text goes here.
gsd-2024-26931
Vulnerability from gsd
Modified
2024-02-20 06:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-26931" ], "id": "GSD-2024-26931", "modified": "2024-02-20T06:02:29.314313Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2024-26931", "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } } } }
cve-2024-26931
Vulnerability from cvelistv5
Published
2024-05-01 05:17
Modified
2024-09-11 17:33
Severity
Summary
scsi: qla2xxx: Fix command flush on cable pull
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:21:05.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d7a68eee87b05d4e29419e6f151aef99314970a9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/67b2d35853c2da25a8ca1c4190a5e96d3083c2ac" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/09c0ac18cac206ed1218b1fe6c1a0918e5ea9211" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8de1584ec4fe0ebea33c273036e7e0a05e65c81d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8f0d32004e3a572bb77e6c11c2797c87f8c9703d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ec7587eef003cab15a13446d67c3adb88146a150" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a27d4d0e7de305def8a5098a614053be208d1aa1" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26931", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:45:55.384223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:53.290Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/scsi/qla2xxx/qla_target.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b73377124f56", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "d7a68eee87b0", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "67b2d35853c2", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a859f6a8f423", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "09c0ac18cac2", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8de1584ec4fe", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8f0d32004e3a", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ec7587eef003", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a27d4d0e7de3", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/scsi/qla2xxx/qla_target.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.312", "versionType": "custom" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.274", "versionType": "custom" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.215", "versionType": "custom" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.154", "versionType": "custom" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.84", "versionType": "custom" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.24", "versionType": "custom" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.12", "versionType": "custom" }, { "lessThanOrEqual": "6.8.*", "status": "unaffected", "version": "6.8.3", "versionType": "custom" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix command flush on cable pull\n\nSystem crash due to command failed to flush back to SCSI layer.\n\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\n RIP: 0010:__wake_up_common+0x4c/0x190\n Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 \u003c49\u003e 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75\n RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\n RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\n RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\n R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\n R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __wake_up_common_lock+0x7c/0xc0\n qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0\n ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.\n ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1\n ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0\n ? __switch_to+0x10c/0x450\n ? process_one_work+0x1a7/0x360\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.\n ? worker_thread+0x1ce/0x390\n ? create_worker+0x1a0/0x1a0\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70\n ? kthread+0x10a/0x120\n qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8\n ? set_kthread_struct+0x40/0x40\n qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.\n ? ret_from_fork+0x1f/0x40\n qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout\n\nThe system was under memory stress where driver was not able to allocate an\nSRB to carry out error recovery of cable pull. The failure to flush causes\nupper layer to start modifying scsi_cmnd. When the system frees up some\nmemory, the subsequent cable pull trigger another command flush. At this\npoint the driver access a null pointer when attempting to DMA unmap the\nSGL.\n\nAdd a check to make sure commands are flush back on session tear down to\nprevent the null pointer access." } ], "providerMetadata": { "dateUpdated": "2024-05-29T05:25:13.945Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a" }, { "url": "https://git.kernel.org/stable/c/d7a68eee87b05d4e29419e6f151aef99314970a9" }, { "url": "https://git.kernel.org/stable/c/67b2d35853c2da25a8ca1c4190a5e96d3083c2ac" }, { "url": "https://git.kernel.org/stable/c/a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a" }, { "url": "https://git.kernel.org/stable/c/09c0ac18cac206ed1218b1fe6c1a0918e5ea9211" }, { "url": "https://git.kernel.org/stable/c/8de1584ec4fe0ebea33c273036e7e0a05e65c81d" }, { "url": "https://git.kernel.org/stable/c/8f0d32004e3a572bb77e6c11c2797c87f8c9703d" }, { "url": "https://git.kernel.org/stable/c/ec7587eef003cab15a13446d67c3adb88146a150" }, { "url": "https://git.kernel.org/stable/c/a27d4d0e7de305def8a5098a614053be208d1aa1" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "scsi: qla2xxx: Fix command flush on cable pull", "x_generator": { "engine": "bippy-a5840b7849dd" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26931", "datePublished": "2024-05-01T05:17:14.823Z", "dateReserved": "2024-02-19T14:20:24.195Z", "dateUpdated": "2024-09-11T17:33:53.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...