7.8

CVE-2024-26930

scsi: qla2xxx: Fix double free of the ha->vp_map pointer

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix double free of the ha->vp_map pointer

Coverity scan reported potential risk of double free of the pointer
ha->vp_map.  ha->vp_map was freed in qla2x00_mem_alloc(), and again freed
in function qla2x00_mem_free(ha).

Assign NULL to vp_map and kfree take care of NULL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.3 < 6.6.24
LinuxLinux Kernel Version >= 6.7 < 6.7.12
LinuxLinux Kernel Version >= 6.8 < 6.8.3
LinuxLinux Kernel Version6.9 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://git.kernel.org/stable/c/825d63164a2e6bacb059a9afb5605425b485413f
Patch
https://git.kernel.org/stable/c/b7deb675d674f44e0ddbab87fee8f9f098925e73
Patch
https://git.kernel.org/stable/c/e288285d47784fdcf7c81be56df7d65c6f10c58b
Patch
https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467
Patch