VDB

CISA-2021-47198

CISA-2021-47198 PUBLISHED

Reported by Linux · Published April 10, 2024

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used as an rpi_ids array index. Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag in lpfc_mbx_cmpl_fc_reg_login().

Affected Products

VendorProductVersions
LinuxLinuxfe83e3b9b422ac8ece2359c7b7290efe7f0335a2, fe83e3b9b422ac8ece2359c7b7290efe7f0335a2
LinuxLinux5.14, 0, 5.15.5
LinuxLinux5.16, fe83e3b9b422ac8ece2359c7b7290efe7f0335a2, 5.14
linuxlinux_kernel5.14, 5.14, 5.14

Timeline

  • Apr 10, 2024 CVE Published
  • Dec 18, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›