7.8

CVE-2024-49852

scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()

In the Linux kernel, the following vulnerability has been resolved:

scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()

The kref_put() function will call nport->release if the refcount drops to
zero.  The nport->release release function is _efc_nport_free() which frees
"nport".  But then we dereference "nport" on the next line which is a use
after free.  Re-order these lines to avoid the use after free.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.14 < 5.15.168
LinuxLinux Kernel Version >= 5.16 < 6.1.113
LinuxLinux Kernel Version >= 6.2 < 6.6.54
LinuxLinux Kernel Version >= 6.7 < 6.10.13
LinuxLinux Kernel Version >= 6.11 < 6.11.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.109
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/16a570f07d870a285b0c0b0d1ca4dff79e8aa5ff
Patch
https://git.kernel.org/stable/c/2e4b02fad094976763af08fec2c620f4f8edd9ae
Patch
https://git.kernel.org/stable/c/7c2908985e4ae0ea1b526b3916de9e5351650908
Patch
https://git.kernel.org/stable/c/98752fcd076a8cbc978016eae7125b4971be1eec
Patch
https://git.kernel.org/stable/c/abc71e89170ed32ecf0a5a29f31aa711e143e941
Patch
https://git.kernel.org/stable/c/baeb8628ab7f4577740f00e439d3fdf7c876b0ff
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html