SB2024060378 - Improper locking in Linux kernel scsi fcoe driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-26917)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fcoe_ctlr_announce(), fcoe_ctlr_els_send(), fcoe_ctlr_flogi_send_locked(), fcoe_ctlr_flogi_retry() and fcoe_ctlr_flogi_send() functions in drivers/scsi/fcoe/fcoe_ctlr.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/94a600226b6d0ef065ee84024b450b566c5a87d6
• https://git.kernel.org/stable/c/2209fc6e3d7727d787dc6ef9baa1e9eae6b1295b
• https://git.kernel.org/stable/c/7d4e19f7ff644c5b79e8271df8ac2e549b436a5b
• https://git.kernel.org/stable/c/5b8f473c4de95c056c1c767b1ad48c191544f6a5
• https://git.kernel.org/stable/c/6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0
• https://git.kernel.org/stable/c/2996c7e97ea7cf4c1838a1b1dbc0885934113783
• https://git.kernel.org/stable/c/25675159040bffc7992d5163f3f33ba7d0142f21
• https://git.kernel.org/stable/c/977fe773dcc7098d8eaf4ee6382cb51e13e784cb
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.307
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.79
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8