Release Date: | 2024-05-01 |
In the Linux kernel, the following vulnerability has been resolved:\nscsi: qla2xxx: Fix command flush on cable pull\nSystem crash due to command failed to flush back to SCSI layer.\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1\nHardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\nWorkqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\nRIP: 0010:__wake_up_common+0x4c/0x190\nCode: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75\nRSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\nRBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\nR10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\nR13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n__wake_up_common_lock+0x7c/0xc0\nqla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\nqla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0\n? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\nqla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.\n? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\nqla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1\n? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\nqla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0\n? __switch_to+0x10c/0x450\n? process_one_work+0x1a7/0x360\nqla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.\n? worker_thread+0x1ce/0x390\n? create_worker+0x1a0/0x1a0\nqla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70\n? kthread+0x10a/0x120\nqla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8\n? set_kthread_struct+0x40/0x40\nqla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.\n? ret_from_fork+0x1f/0x40\nqla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout\nThe system was under memory stress where driver was not able to allocate an\nSRB to carry out error recovery of cable pull. The failure to flush causes\nupper layer to start modifying scsi_cmnd. When the system frees up some\nmemory, the subsequent cable pull trigger another command flush. At this\npoint the driver access a null pointer when attempting to DMA unmap the\nSGL.\nAdd a check to make sure commands are flush back on session tear down to\nprevent the null pointer access.
See more information about CVE-2024-26931 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 6 (kernel-uek) | ELSA-2024-12700 | 2024-09-27 |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12700 | 2024-09-27 |
Oracle Linux version 9 (kernel) | ELSA-2024-6997 | 2024-09-24 |
Oracle VM version 3 (kernel-uek) | OVMSA-2024-0013 | 2024-10-01 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: