CVE-2021-47198: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine

First published: Wed Apr 10 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used as an rpi_ids array index. Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag in lpfc_mbx_cmpl_fc_reg_login().

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/mitre-cve
• source/MITRE
• agent/references
• agent/weakness
• agent/description
• agent/first-publish-date
• agent/title
• agent/type
• agent/author
• agent/event
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/remedy
• agent/severity
• agent/last-modified-date
• agent/tags
• agent/softwarecombine
• vendor/linux
• canonical/linux linux kernel