CVE-2024-35930
MEDIUMLinux Kernel < 4.19.312, 4.20.0-6.8.6 - Use-After-Free in lpfc_rcv_padisc
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an unsuccessful status. In such cases, the elsiocb is not issued, the completion is not called, and thus the elsiocb resource is leaked. Check return value after calling lpfc_sli4_resume_rpi() and conditionally release the elsiocb resource.
References (11)
Core 11
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
2.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-401
Status
published
Products (27)
debian/debian_linux
10.0
linux/Kernel
3.4.0 - 4.19.312linux
linux/Kernel
4.20.0 - 5.4.274linux
linux/Kernel
5.11.0 - 5.15.155linux
linux/Kernel
5.16.0 - 6.1.86linux
linux/Kernel
5.5.0 - 5.10.215linux
linux/Kernel
6.2.0 - 6.6.27linux
linux/Kernel
6.7.0 - 6.8.6linux
Linux/Linux
< 3.4
Linux/Linux
3.4
... and 17 more
Published
May 19, 2024
Tracked Since
Feb 18, 2026