CVE-2021-47183: scsi: lpfc: Fix link down processing to address NULL pointer dereference

First published: Wed Apr 10 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer dereference. Driver unload requests may hang with repeated "2878" log messages. The Link down processing results in ABTS requests for outstanding ELS requests. The Abort WQEs are sent for the ELSs before the driver had set the link state to down. Thus the driver is sending the Abort with the expectation that an ABTS will be sent on the wire. The Abort request is stalled waiting for the link to come up. In some conditions the driver may auto-complete the ELSs thus if the link does come up, the Abort completions may reference an invalid structure. Fix by ensuring that Abort set the flag to avoid link traffic if issued due to conditions where the link failed.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/weakness
• agent/description
• agent/first-publish-date
• agent/title
• agent/type
• agent/author
• agent/event
• collector/mitre-cve
• source/MITRE
• agent/source
• agent/severity
• agent/last-modified-date
• agent/remedy
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• collector/nvd-api
• source/NVD
• vendor/linux
• canonical/linux kernel