PT-2024-11467 · Linux+2 · Linux Kernel+2
Joy Gu · Published 2021-10-12 · Updated 2025-01-07
CVE-2021-47473
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A memory leak has been identified in the Linux kernel, specifically in the scsi: qla2xxx module, within the error path of the qla2x00_process_els() function. The issue arises from an incorrect change in the code, where bsg_job->request->msgcode == FC_BSG_HST_ELS_NOLOGIN and bsg_job->request->msgcode != FC_BSG_RPT_ELS were intended, but instead, bsg_job->request->msgcode == FC_BSG_RPT_ELS was implemented. This mistake can lead to the leaking of the fcport structure or the freeing of unallocated memory. The commit 8c0eb596baa5 aimed to fix this issue by changing the comparison operator from == to != for FC_BSG_RPT_ELS.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
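The cleanup condition from the Description, modelled in user-space C to show how the mistaken `==` test produces both outcomes named there. This is an added illustration, not the kernel's code: the `struct fcport` stand-in, the `process_els_error_path()` helper, the numeric message-code values, and the assumption that only non-`FC_BSG_RPT_ELS` requests allocate a temporary fcport are all part of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Message codes named in the advisory; numeric values are placeholders. */
enum msgcode { FC_BSG_RPT_ELS = 1, FC_BSG_HST_ELS_NOLOGIN = 2 };

struct fcport { int id; };                 /* stand-in for the driver's fcport */
struct outcome { bool leaked; bool freed_borrowed; };

static struct fcport rport_owned = { 7 };  /* owned elsewhere, never freed here */

/* Model of a request that fails after fcport has been obtained.
 * Assumption of this model: an FC_BSG_RPT_ELS request borrows an existing
 * fcport, every other request allocates a temporary one that the error
 * path must release. */
static struct outcome process_els_error_path(enum msgcode code, bool buggy)
{
    struct outcome out = { false, false };
    bool allocated = (code != FC_BSG_RPT_ELS);
    struct fcport *fcport = allocated ? calloc(1, sizeof(*fcport)) : &rport_owned;
    if (!fcport)
        abort();

    /* ... a later step fails and control reaches the cleanup ... */
    bool should_free = buggy ? (code == FC_BSG_RPT_ELS)   /* mistaken test */
                             : (code != FC_BSG_RPT_ELS);  /* intended test */
    if (should_free) {
        if (allocated)
            free(fcport);
        else
            out.freed_borrowed = true;  /* would free memory never allocated here */
    } else if (allocated) {
        out.leaked = true;              /* cleanup skipped: recorded as a leak */
        free(fcport);                   /* released only to keep the model clean */
    }
    return out;
}

int main(void)
{
    enum msgcode codes[] = { FC_BSG_HST_ELS_NOLOGIN, FC_BSG_RPT_ELS };
    for (int buggy = 1; buggy >= 0; buggy--)
        for (int i = 0; i < 2; i++) {
            struct outcome o = process_els_error_path(codes[i], buggy);
            printf("%s msgcode=%d leaked=%d freed_borrowed=%d\n",
                   buggy ? "==" : "!=", codes[i], o.leaked, o.freed_borrowed);
        }
    return 0;
}
```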
Memory Leak
Double Free
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Suse