CVE-2024-36952

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a race condition in the Linux kernel's lpfc component, specifically in the lpfc vport delete() function. This occurs when a vport is unregistered before the Remove All DA ID CT and LOGO ELS are sent to the fabric, causing the fabric switch to still believe the NPIV is logged into the fabric. The fc remove host() function, which calls dev loss tmo for all D IDs including the fabric D ID, removes the last ndlp reference and frees the ndlp rport object, sometimes causing the final DA ID and LOGO to be skipped from being sent to the fabric switch.

Recommendations: To resolve the issue, move the fc remove host() and scsi remove host() calls after DA ID and LOGO are sent. As a temporary workaround, consider disabling the lpfc vport delete() function until a patch is available. Update to a newer version of the Linux kernel, such as version 6.6.37, which fixes bugs and vulnerabilities.