SB2024060471 - Use-after-free in Linux kernel scsi driver 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024060471

SB2024060471 - Use-after-free in Linux kernel scsi driver

Published: June 4, 2024 Updated: May 13, 2025

Security Bulletin ID SB2024060471
Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Use-after-free (CVE-ID: CVE-2021-47328)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iscsi_prep_bidi_ahs(), iscsi_check_tmf_restrictions(), iscsi_data_in_rsp(), EXPORT_SYMBOL_GPL(), iscsi_exec_task_mgmt_fn(), iscsi_eh_abort(), iscsi_eh_device_reset(), iscsi_session_recovery_timedout(), iscsi_conn_failure(), iscsi_eh_target_reset(), iscsi_session_setup(), iscsi_conn_setup(), iscsi_conn_teardown(), iscsi_conn_start() and iscsi_start_session_recovery() functions in drivers/scsi/libiscsi.c. A local user can escalate privileges on the system.


Remediation

Install update from vendor's website.

References