PT-2024-11073 · Linux+1 · Linux Kernel+1

Dan Carpenter +1 · Published 2021-03-29 · Updated 2024-12-11 · CVE-2021-46963

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a crash in the qla2xxx_mqueuecommand() function. It is caused by an incorrect call that frees srb in qla2xxx_mqueuecommand(), even though srb is now allocated by upper layers. The change also fixes a smatch warning about an unintended free of srb. The call trace includes qla2xxx_mqueuecommand+0x2b5/0x2c0, scsi_queue_rq+0x5e2/0xa40, blk_mq_try_issue_directly+0x128/0x1d0, and blk_mq_request_issue_directly+0x4e/0xb0. The function kmem_cache_free+0xfa/0x1b0 is also involved.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-02987
CVE-2021-46963
OPENSUSE-SU-2024_1489-1
SUSE-SU-2024:1454-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1

Affected Products

Linux Kernel
Suse