SB2024070174 - Resource management error in Linux kernel scsi mpt3sas driver
Published: July 1, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070174
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2021-47565)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the _scsih_ublock_io_device() function in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/5d4d50b1f159a5ebab7617f47121b4370aa58afe
- https://git.kernel.org/stable/c/58ef2c7a6de13721865d84b80eecf56d6cba0937
- https://git.kernel.org/stable/c/dd035ca0e7a142870a970d46b1d19276cfe2bc8c
- https://git.kernel.org/stable/c/0d4b29eaadc1f59cec0c7e85eae77d08fcca9824
- https://git.kernel.org/stable/c/7e324f734a914957b8cc3ff4b4c9f0409558adb5
- https://git.kernel.org/stable/c/2bf9c5a5039c8f4b037236aed505e6a25c1d5f7b
- https://git.kernel.org/stable/c/8485649a7655e791a6e4e9f15b4d30fdae937184
- https://git.kernel.org/stable/c/0ee4ba13e09c9d9c1cb6abb59da8295d9952328b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.257
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.292
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.163