SB20240620240 - Resource management error in Linux kernel scsi bnx2fc driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2022-48758)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/2a12fe8248a38437b95b942bbe85aced72e6e2eb
• https://git.kernel.org/stable/c/262550f29c750f7876b6ed1244281e72b64ebffb
• https://git.kernel.org/stable/c/c93a290c862ccfa404e42d7420565730d67cbff9
• https://git.kernel.org/stable/c/de6336b17a1376db1c0f7a528cce8783db0881c0
• https://git.kernel.org/stable/c/bf2bd892a0cb14dd2d21f2c658f4b747813be311
• https://git.kernel.org/stable/c/00849de10f798a9538242824a51b1756e7110754
• https://git.kernel.org/stable/c/b11e34f7bab21df36f02a5e54fb69e858c09a65d
• https://git.kernel.org/stable/c/ace7b6ef41251c5fe47f629a9a922382fb7b0a6b
• https://git.kernel.org/stable/c/847f9ea4c5186fdb7b84297e3eeed9e340e83fce
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.265
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.302
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.300
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.96
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.176