SB20240531328 - NULL pointer dereference in Linux kernel scsi libfc driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2023-52809)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fc_lport_ptp_setup() function in drivers/scsi/libfc/fc_lport.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e
• https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa
• https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00
• https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01
• https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b
• https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba
• https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34
• https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84cac19106
• https://git.kernel.org/stable/c/4df105f0ce9f6f30cda4e99f577150d23f0c9c5f
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.331
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.300
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7