SB20240531465 - NULL pointer dereference in Linux kernel scsi qla2xxx driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2024-26931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a
• https://git.kernel.org/stable/c/d7a68eee87b05d4e29419e6f151aef99314970a9
• https://git.kernel.org/stable/c/67b2d35853c2da25a8ca1c4190a5e96d3083c2ac
• https://git.kernel.org/stable/c/a859f6a8f4234b8ef62862bf7a92f1af5f8cd47a
• https://git.kernel.org/stable/c/09c0ac18cac206ed1218b1fe6c1a0918e5ea9211
• https://git.kernel.org/stable/c/8de1584ec4fe0ebea33c273036e7e0a05e65c81d
• https://git.kernel.org/stable/c/8f0d32004e3a572bb77e6c11c2797c87f8c9703d
• https://git.kernel.org/stable/c/ec7587eef003cab15a13446d67c3adb88146a150
• https://git.kernel.org/stable/c/a27d4d0e7de305def8a5098a614053be208d1aa1
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3