CVE - CVE-2024-56623

CVE-ID
CVE-2024-56623	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal to terminate dpc_thread. Use the kthread_stop as the main signal to exit dpc_thread. [596663.812935] kernel BUG at mm/slub.c:294! [596663.812950] invalid opcode: 0000 [#1] SMP PTI [596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1 [596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012 [596663.812974] RIP: 0010:__slab_free+0x17d/0x360 ... [596663.813008] Call Trace: [596663.813022] ? __dentry_kill+0x121/0x170 [596663.813030] ? _cond_resched+0x15/0x30 [596663.813034] ? _cond_resched+0x15/0x30 [596663.813039] ? wait_for_completion+0x35/0x190 [596663.813048] ? try_to_wake_up+0x63/0x540 [596663.813055] free_task+0x5a/0x60 [596663.813061] kthread_stop+0xf3/0x100 [596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx]
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0 URL:https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0 MISC:https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e URL:https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e MISC:https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d URL:https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d MISC:https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478 URL:https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478 MISC:https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80 URL:https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80 MISC:https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54 URL:https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54
Assigning CNA
kernel.org
Date Record Created
20241227	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241227)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)