CVE-2024-50183
scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
08 nov 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
Deleting an NPIV instance requires all fabric ndlps to be released before
an NPIV's resources can be torn down. Failure to release fabric ndlps
beforehand opens kref imbalance race conditions. Fix by forcing the DA_ID
to complete synchronously with usage of wait_queue.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Linux · Linux¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://git.kernel.org/stable/c/0857b1c573c0b095aa778bb26d8b3378172471b6https://git.kernel.org/stable/c/0a3c84f71680684c1d41abb92db05f95c09111e8https://git.kernel.org/stable/c/0ef6e016eb53fad6dc44c3253945efb43a3486b9https://git.kernel.org/stable/c/bbc525409bfe8e5bff12f5d18d550ab3e52cdbefhttps://lists.debian.org/debian-lts-announce/2025/01/msg00001.html