CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit()
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: <TASK> dump_stack_lvl+0x95/0xe0 print_report+0xcb/0x620 kasan_report+0xbd/0xf0 __lock_acquire+0x2aca/0x3a20 lock_acquire+0x19b/0x520 _raw_spin_lock+0x2b/0x40 attribute_container_unregister+0x30/0x160 fc_release_transport+0x19/0x90 [scsi_transport_fc] bfad_im_module_exit+0x23/0x60 [bfa] bfad_init+0xdb/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> Allocated by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x7f/0x90 fc_attach_transport+0x4f/0x4740 [scsi_transport_fc] bfad_im_module_init+0x17/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x38/0x50 kfree+0x212/0x480 bfad_im_module_init+0x7e/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Above issue happens as follows: bfad_init error = bfad_im_module_init() fc_release_transport(bfad_im_scsi_transport_template); if (error) goto ext; ext: bfad_im_module_exit(); fc_release_transport(bfad_im_scsi_transport_template); --> Trigger double release Don't call bfad_im_module_exit() if bfad_im_module_init() failed.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.32<4.19.325 | |
| Linux Kernel | >=4.20<5.4.287 | |
| Linux Kernel | >=5.5<5.10.231 | |
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.64 | |
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1
- https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490
- https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb
- https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022
- https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb
- https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9
- https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292
- https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40
- https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53227
- https://nvd.nist.gov/vuln/detail/CVE-2024-53227
- https://launchpad.net/bugs/cve/CVE-2024-53227
- https://security-tracker.debian.org/tracker/CVE-2024-53227
- https://ubuntu.com/security/CVE-2024-53227
- https://git.kernel.org/linus/178b8f38932d635e90f5f0e9af1986c6f4a89271
Frequently Asked Questions
What is the severity of CVE-2024-53227?
CVE-2024-53227 has been classified with a high severity level due to its use-after-free vulnerability in the Linux kernel.
How do I fix CVE-2024-53227?
To fix CVE-2024-53227, it is recommended to upgrade to a patched version of the Linux kernel that resolves this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-53227?
CVE-2024-53227 affects multiple versions of the Linux kernel ranging from 2.6.32 to 6.12.x.
What are the potential impacts of CVE-2024-53227?
The potential impacts of CVE-2024-53227 include unauthorized access and remote code execution due to the use-after-free condition.
Is there a workaround for CVE-2024-53227?
There are no known effective workarounds for CVE-2024-53227; upgrading to a secure kernel version is the recommended action.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/tags
- agent/description
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- agent/softwarecombine
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.32
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12
- package-manager/debian