SB2024070175 - Resource management error in Linux kernel scsi driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2021-47480)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the scsi_device_dev_release_usercontext() function in drivers/scsi/scsi_sysfs.c, within the EXPORT_SYMBOL() function in drivers/scsi/scsi.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1105573d964f7b78734348466b01f5f6ba8a1813
• https://git.kernel.org/stable/c/8e4814a461787e15a31d322d9efbe0d4f6822428
• https://git.kernel.org/stable/c/61a0faa89f21861d1f8d059123b5c285a5d9ffee
• https://git.kernel.org/stable/c/c2df161f69fb1c67f63adbd193368b47f511edc0
• https://git.kernel.org/stable/c/1ce287eff9f23181d5644db787f472463a61f68b
• https://git.kernel.org/stable/c/7b57c38d12aed1b5d92f74748bed25e0d041729f
• https://git.kernel.org/stable/c/f30822c0b4c35ec86187ab055263943dc71a6836
• https://git.kernel.org/stable/c/f2b85040acec9a928b4eb1b57a989324e8e38d3f
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.255
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.292
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.290
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.78
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.158