Hewlett Packard · HP ProLiant DL380p Gen8 · CVE-2024-56623
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.74
**Description**
A use-after-free issue has been resolved in the Linux kernel's `qla2xxx` SCSI driver (`scsi: qla2xxx`). The issue occurs when `dpc_thread` is told to terminate by two signals at once, the `UNLOADING` flag and `kthread_stop`, which causes a system crash with a stack trace warning of use-after-free. The fix removes the `UNLOADING` flag as a signal to terminate `dpc_thread` and uses `kthread_stop` as the main signal to exit `dpc_thread`. The issue was observed on HP ProLiant DL380p Gen8 systems with BIOS P70 08/20/2012.
**Recommendations**
To resolve this issue, update the Linux kernel to version 6.6.74 or later.
As a temporary workaround, consider disabling the `qla2xxx` module until a patch is available.
Restrict access to the `dpc_thread` to minimize the risk of exploitation.
Avoid using the `UNLOADING` flag to terminate `dpc_thread` until the issue is resolved.
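
A first-pass triage check for the recommendations above, as an added example that is not part of the original advisory: it compares a kernel release string against the 6.6.74 threshold stated on this page and looks for `qla2xxx` in a `/proc/modules`-format file. The function names are hypothetical, and the version comparison is an assumption that ignores vendor backports, so a distribution kernel with the fix backported can still be flagged.

```shell
#!/bin/sh
# Added example: triage a host against this advisory's stated conditions.
FIXED="6.6.74"   # first fixed version as stated on this page

# Strip distro suffixes: "6.6.70-1-amd64" -> "6.6.70"
base_version() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){0,2}).*/\1/'
}

# version_lt A B: succeed when dotted version A sorts strictly before B
version_lt() {
    a=$(base_version "$1"); b=$(base_version "$2")
    [ "$a" != "$b" ] &&
        [ "$(printf '%s\n%s\n' "$a" "$b" |
             sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$a" ]
}

# module_loaded FILE: succeed when qla2xxx is listed as a loaded module.
# A driver built into the kernel image does not appear in /proc/modules.
module_loaded() {
    awk '$1 == "qla2xxx" { found = 1 } END { exit !found }' "$1"
}

# assess RELEASE MODULES_FILE: print a one-line verdict
assess() {
    if ! version_lt "$1" "$FIXED"; then
        echo "ok: kernel $1 is at or above $FIXED"
    elif module_loaded "$2"; then
        echo "exposed: kernel $1 is below $FIXED and qla2xxx is loaded"
    else
        echo "latent: kernel $1 is below $FIXED, qla2xxx not loaded"
    fi
}

# Inspect the live host only when invoked with the "check" argument
if [ "${1:-}" = "check" ]; then
    assess "$(uname -r)" /proc/modules
fi
```

A "latent" result means the driver is not currently loaded but the kernel would still be affected if an adapter bound to `qla2xxx` were added.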