5.5

CVE-2024-47666

scsi: pm80xx: Set phy->enable_completion only when we wait for it

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm80xx: Set phy->enable_completion only when we wait for it

pm8001_phy_control() populates the enable_completion pointer with a stack
address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and
returns. The problem arises when a phy control response comes late.  After
300 ms the pm8001_phy_control() function returns and the passed
enable_completion stack address is no longer valid. Late phy control
response invokes complete() on a dangling enable_completion pointer which
leads to a kernel crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.6.51
LinuxLinux Kernel Version >= 6.7 < 6.10.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.108
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89
Patch
https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea
Patch
https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84
Patch
https://git.kernel.org/stable/c/a5d954802bda1aabcba49633cd94bad91c94113f
https://git.kernel.org/stable/c/ddc501f4130f4baa787cb6cfa309af697179f475
https://git.kernel.org/stable/c/e23ee0cc5bded07e700553aecc333bb20c768546