CVE-2024-42289

ULN >
Oracle Linux CVE repository >
CVE-2024-42289

CVE Details

Release Date:

2024-08-17

Description

In the Linux kernel, the following vulnerability has been resolved:\nscsi: qla2xxx: During vport delete send async logout explicitly\nDuring vport delete, it is observed that during unload we hit a crash\nbecause of stale entries in outstanding command array. For all these stale\nI/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but\nI/Os could not complete while vport delete is in process of deleting.\nBUG: kernel NULL pointer dereference, address: 000000000000001c\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nWorkqueue: qla2xxx_wq qla_do_work [qla2xxx]\nRIP: 0010:dma_direct_unmap_sg+0x51/0x1e0\nRSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046\nRAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001\nRDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0\nRBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8\nR10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000\nR13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0\nCall Trace:\n\nqla2xxx_qpair_sp_free_dma+0x417/0x4e0\n? qla2xxx_qpair_sp_compl+0x10d/0x1a0\n? qla2x00_status_entry+0x768/0x2830\n? newidle_balance+0x2f0/0x430\n? dequeue_entity+0x100/0x3c0\n? qla24xx_process_response_queue+0x6a1/0x19e0\n? __schedule+0x2d5/0x1140\n? qla_do_work+0x47/0x60\n? process_one_work+0x267/0x440\n? process_one_work+0x440/0x440\n? worker_thread+0x2d/0x3d0\n? process_one_work+0x440/0x440\n? kthread+0x156/0x180\n? set_kthread_struct+0x50/0x50\n? ret_from_fork+0x22/0x30\n\nSend out async logout explicitly for all the ports during vport delete.

See more information about CVE-2024-42289 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	5.5	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12780	2024-10-11
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12782	2024-10-14
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12682	2024-09-23
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12780	2024-10-11
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12782	2024-10-14
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12682	2024-09-23

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691