CVE-2024-49852
scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
In the Linux kernel, the following vulnerability has been resolved:
scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
The kref_put() function will call nport->release if the refcount drops to
zero. The nport->release release function is _efc_nport_free() which frees
"nport". But then we dereference "nport" on the next line which is a use
after free. Re-order these lines to avoid the use after free.
Productos afectados
Linux · Linux¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://git.kernel.org/stable/c/16a570f07d870a285b0c0b0d1ca4dff79e8aa5ffhttps://git.kernel.org/stable/c/2e4b02fad094976763af08fec2c620f4f8edd9aehttps://git.kernel.org/stable/c/7c2908985e4ae0ea1b526b3916de9e5351650908https://git.kernel.org/stable/c/98752fcd076a8cbc978016eae7125b4971be1eechttps://git.kernel.org/stable/c/abc71e89170ed32ecf0a5a29f31aa711e143e941https://git.kernel.org/stable/c/baeb8628ab7f4577740f00e439d3fdf7c876b0ffhttps://lists.debian.org/debian-lts-announce/2025/01/msg00001.html