CVE-2024-50183
scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
08 nov 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
Deleting an NPIV instance requires all fabric ndlps to be released before
an NPIV's resources can be torn down. Failure to release fabric ndlps
beforehand opens kref imbalance race conditions. Fix by forcing the DA_ID
to complete synchronously with usage of wait_queue.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Linux · LinuxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://git.kernel.org/stable/c/0857b1c573c0b095aa778bb26d8b3378172471b6https://git.kernel.org/stable/c/0a3c84f71680684c1d41abb92db05f95c09111e8https://git.kernel.org/stable/c/0ef6e016eb53fad6dc44c3253945efb43a3486b9https://git.kernel.org/stable/c/bbc525409bfe8e5bff12f5d18d550ab3e52cdbefhttps://lists.debian.org/debian-lts-announce/2025/01/msg00001.html