CVE-2024-49891

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue concerns the Linux kernel, specifically the scsi: lpfc component. When the HBA is undergoing a reset or handling an errata event, NULL pointer dereference crashes may occur in routines such as lpfc sli flush io rings(), lpfc dev loss tmo callbk(), or lpfc abort handler(). To address this, NULL pointer checks have been added before dereferencing hdwq pointers that may have been freed due to operations colliding with a reset or errata event handler.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2025-12647

AZL-51391

AZL-51518

BDU:2025-07997

CVE-2024-49891

DLA-4076-1

OESA-2024-2518

OESA-2024-2519

OESA-2024-2521

OESA-2024-2522

OPENSUSE-SU-2024:14500-1

OPENSUSE-SU-2024_3984-1

OPENSUSE-SU-2024_3986-1

OPENSUSE-SU-2024_4315-1

OPENSUSE-SU-2024_4376-1

OPENSUSE-SU-2025:14705-1

SUSE-SU-2024:3984-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4100-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:0034-1

SUSE-SU-2025:20163-1

SUSE-SU-2025:20164-1

SUSE-SU-2025:20246-1

SUSE-SU-2025:20247-1

USN-7276-1

USN-7277-1

USN-7301-1

USN-7303-1

USN-7303-2

USN-7303-3

USN-7304-1

USN-7310-1

USN-7311-1

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7403-1

USN-7468-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-49891

Weakness Enumeration

Related Identifiers

Affected Products

References · 2642