SB2024123047 - Use-after-free in Linux kernel scsi qla2xxx driver
Published: December 30, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024123047
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-56623)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qla2x00_do_dpc() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0
- https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e
- https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d
- https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478
- https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80
- https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.174