CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() The kref_put() function will call nport->release if the refcount drops to zero. The nport->release release function is _efc_nport_free() which frees "nport". But then we dereference "nport" on the next line which is a use after free. Re-order these lines to avoid the use after free.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | >=5.14<5.15.168 | |
| Linux kernel | >=5.16<6.1.113 | |
| Linux kernel | >=6.2<6.6.54 | |
| Linux kernel | >=6.7<6.10.13 | |
| Linux kernel | >=6.11<6.11.2 | |
| Linux Kernel | >=5.14<5.15.168 | |
| Linux Kernel | >=5.16<6.1.113 | |
| Linux Kernel | >=6.2<6.6.54 | |
| Linux Kernel | >=6.7<6.10.13 | |
| Linux Kernel | >=6.11<6.11.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 | |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/16a570f07d870a285b0c0b0d1ca4dff79e8aa5ff
- https://git.kernel.org/stable/c/2e4b02fad094976763af08fec2c620f4f8edd9ae
- https://git.kernel.org/stable/c/7c2908985e4ae0ea1b526b3916de9e5351650908
- https://git.kernel.org/stable/c/98752fcd076a8cbc978016eae7125b4971be1eec
- https://git.kernel.org/stable/c/abc71e89170ed32ecf0a5a29f31aa711e143e941
- https://git.kernel.org/stable/c/baeb8628ab7f4577740f00e439d3fdf7c876b0ff
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49852
- https://nvd.nist.gov/vuln/detail/CVE-2024-49852
- https://launchpad.net/bugs/cve/CVE-2024-49852
- https://security-tracker.debian.org/tracker/CVE-2024-49852
- https://ubuntu.com/security/CVE-2024-49852
- https://git.kernel.org/linus/2e4b02fad094976763af08fec2c620f4f8edd9ae
Frequently Asked Questions
What is the severity of CVE-2024-49852?
CVE-2024-49852 is classified as a medium severity vulnerability in the Linux Kernel.
How do I fix CVE-2024-49852?
To fix CVE-2024-49852, users should upgrade their Linux Kernel to the latest stable version that includes the security patch.
What versions of Linux Kernel are affected by CVE-2024-49852?
CVE-2024-49852 affects multiple Linux Kernel versions from 5.14 up to before 5.15.168 and several versions within the 5.16 to 6.6 range.
Is CVE-2024-49852 a remote vulnerability?
CVE-2024-49852 does not explicitly indicate that it is a remote vulnerability but may allow for local privilege escalation.
Who is responsible for the fix for CVE-2024-49852?
The Linux kernel development community is responsible for addressing and fixing CVE-2024-49852.
- agent/title
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/launchpad-cve
- source/Launchpad
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.14
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.11
- package-manager/debian