CVE-2024-42289

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42289
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42289.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42289
Downstream
Related
Published
2024-08-17T09:15:09Z
Modified
2025-08-09T19:01:28Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: During vport delete send async logout explicitly

During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, ehabort was issued and aborted (fastfail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting.

BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: errorcode(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI Workqueue: qla2xxxwq qladowork [qla2xxx] RIP: 0010:dmadirectunmapsg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8 R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0 Call Trace: <TASK> qla2xxxqpairspfreedma+0x417/0x4e0 ? qla2xxxqpairspcompl+0x10d/0x1a0 ? qla2x00statusentry+0x768/0x2830 ? newidlebalance+0x2f0/0x430 ? dequeueentity+0x100/0x3c0 ? qla24xxprocessresponsequeue+0x6a1/0x19e0 ? _schedule+0x2d5/0x1140 ? qladowork+0x47/0x60 ? processonework+0x267/0x440 ? processonework+0x440/0x440 ? workerthread+0x2d/0x3d0 ? processonework+0x440/0x440 ? kthread+0x156/0x180 ? setkthreadstruct+0x50/0x50 ? retfrom_fork+0x22/0x30 </TASK>

Send out async logout explicitly for all the ports during vport delete.

References

Affected packages