CVE-2024-26929 - Linux Kernel Vulnerability Resolved: SCSI qla2xxx Double Free of fcport

A recently resolved vulnerability in the Linux kernel's SCSI subsystem, specifically in the qla2xxx driver, has been assigned CVE-2024-26929. It could cause a server to crash due to a double free of the fcport data structure, resulting in a kernel panic and system instability.

The issue occurred when the qla2xxx driver attempted to free the fcport structure twice after a fibre channel LOGO (Logout) operation. This double free led to a kernel panic and stopped the server from functioning correctly.

Here is a snippet of the kernel panic traceback seen when encountering the bug:

-----------[ cut here ]-----------
kernel BUG at mm/slub.c:371!
invalid opcode: 0000 [#1] SMP PTI
CPU: 35 PID: 461 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1
Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
RIP: 0010:set_freepointer.part.57+0x0/0x10
RSP: 0018:ffffb07107027d90 EFLAGS: 00010246
...
Call Trace:
kfree+0x238/0x250
qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx]
? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx]
qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]
? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]
? kernfs_fop_write+0x11e/0x1a0

To address this issue, one of the two free calls for the fcport structure has been removed from the qla2x00_issue_logo function, and a check has been added to verify that the fcport is valid before it is used further. Furthermore, the qla2x00_free_fcport() function is now used instead of a bare kfree() so that the fcport is released through the driver's own allocation and deallocation path.
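The following C program is an added, constructed illustration of the ownership mistake and of the fix pattern the advisory describes; it is not the qla2xxx driver's code and not the kernel patch. The fcport and srb structures, the pool allocator, the in_use flag, tracked_kfree(), submit_and_complete() and free_fcport() are all assumptions made for this harness (free_fcport() stands in for the role qla2x00_free_fcport() plays in the fix). A real double kfree() is undefined behaviour, so the harness records the second free instead of crashing, which is what lets the two code shapes be compared side by side.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the driver's fcport object. The in_use flag
 * exists only so this harness can detect a second free; real kernel
 * objects carry no such marker, which is why the bug ends in BUG(). */
struct fcport {
    unsigned int loop_id;
    bool in_use;
};

/* Constructed stand-in for the driver's srb (request descriptor). */
struct srb {
    struct fcport *fcport;
};

#define POOL_SIZE 4
static struct fcport pool[POOL_SIZE];
static int double_free_events;   /* how many frees hit an already-freed fcport */

static struct fcport *fcport_alloc(unsigned int loop_id)
{
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = true;
            pool[i].loop_id = loop_id;
            return &pool[i];
        }
    }
    return NULL;
}

/* Stand-in for kfree(): records a double free instead of corrupting the allocator. */
static void tracked_kfree(struct fcport *fcp)
{
    if (!fcp)
        return;
    if (!fcp->in_use) {
        double_free_events++;        /* mm/slub.c would BUG() here on a real kernel */
        return;
    }
    fcp->in_use = false;
}

int fcport_live_count(void)
{
    int n = 0;
    for (int i = 0; i < POOL_SIZE; i++)
        n += pool[i].in_use;
    return n;
}

/* Models submitting the LOGO IOCB and running the sp_free callback on completion. */
static void submit_and_complete(struct srb *sp, void (*sp_free)(struct srb *))
{
    sp_free(sp);
}

/* --- Buggy shape: the completion callback and the caller both free the fcport --- */

static void buggy_els_dcmd_sp_free(struct srb *sp)
{
    tracked_kfree(sp->fcport);       /* completion path releases the fcport ... */
}

static int buggy_issue_logo(struct srb *sp)
{
    submit_and_complete(sp, buggy_els_dcmd_sp_free);
    tracked_kfree(sp->fcport);       /* ... and the caller frees the same object again */
    return 0;
}

/* --- Fixed shape: one owner, a validity check, and a free helper that clears the reference --- */

/* Hypothetical analogue of qla2x00_free_fcport(): releases the object once and
 * clears the caller's pointer so any repeated call becomes a harmless no-op. */
static void free_fcport(struct fcport **pfcp)
{
    if (!*pfcp)
        return;
    tracked_kfree(*pfcp);
    *pfcp = NULL;
}

static void fixed_els_dcmd_sp_free(struct srb *sp)
{
    free_fcport(&sp->fcport);
}

static int fixed_issue_logo(struct srb *sp)
{
    if (!sp->fcport)                 /* validity check before the fcport is used at all */
        return -1;
    submit_and_complete(sp, fixed_els_dcmd_sp_free);   /* released exactly once here */
    /* The second free that used to follow here has been removed. */
    return 0;
}

int run_buggy_logo(void)
{
    double_free_events = 0;
    struct srb sp = { .fcport = fcport_alloc(0x1234) };
    buggy_issue_logo(&sp);
    return double_free_events;       /* 1: the caller's kfree() hit an already-freed fcport */
}

int run_fixed_logo(void)
{
    double_free_events = 0;
    struct srb sp = { .fcport = fcport_alloc(0x1234) };
    fixed_issue_logo(&sp);
    return double_free_events;       /* 0: single owner, single free */
}

int fixed_logo_rejects_null(void)
{
    struct srb sp = { .fcport = NULL };
    return fixed_issue_logo(&sp) == -1;   /* 1: invalid fcport is refused, not dereferenced */
}

int main(void)
{
    printf("buggy path double frees: %d\n", run_buggy_logo());
    printf("fixed path double frees: %d\n", run_fixed_logo());
    printf("fcports still live: %d\n", fcport_live_count());
    return 0;
}
```

The point of the harness is the ownership rule the fix restores: exactly one code path is responsible for releasing the fcport, the release goes through a helper that clears the reference, and every other path checks validity instead of freeing. Running the buggy path reports one double free, the fixed path reports none, and the live count shows the fixed path still releases the object rather than leaking it.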

For more information about the vulnerability and the proposed solution, please refer to the original discussion and patch submission on the Linux Kernel Mailing List: [https://patchwork.kernel.org/project/linux-scsi/patch/20211004203349.2146-1-akash_gajjar@qlogic.com/]

It is recommended that users and administrators apply the security patch or upgrade their kernel version to protect their systems against the potential impact of this vulnerability. The Linux kernel development team is commended for their swift response in identifying and addressing this issue.

Timeline

Published on: 05/01/2024 06:15:07 UTC
Last modified on: 08/08/2024 16:35:06 UTC