{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53227", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:25.025Z", "datePublished": "2024-12-27T13:50:16.175Z", "dateUpdated": "2025-02-11T15:45:25.837Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-20T06:21:38.311Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Fix use-after-free in bfad_im_module_exit()\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20\nRead of size 8 at addr ffff8881082d80c8 by task modprobe/25303\n\nCall Trace:\n <TASK>\n dump_stack_lvl+0x95/0xe0\n print_report+0xcb/0x620\n kasan_report+0xbd/0xf0\n __lock_acquire+0x2aca/0x3a20\n lock_acquire+0x19b/0x520\n _raw_spin_lock+0x2b/0x40\n attribute_container_unregister+0x30/0x160\n fc_release_transport+0x19/0x90 [scsi_transport_fc]\n bfad_im_module_exit+0x23/0x60 [bfa]\n bfad_init+0xdb/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n </TASK>\n\nAllocated by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]\n bfad_im_module_init+0x17/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x38/0x50\n kfree+0x212/0x480\n bfad_im_module_init+0x7e/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAbove issue happens as follows:\n\nbfad_init\n error = bfad_im_module_init()\n fc_release_transport(bfad_im_scsi_transport_template);\n if (error)\n goto ext;\n\next:\n bfad_im_module_exit();\n fc_release_transport(bfad_im_scsi_transport_template);\n --> Trigger double release\n\nDon't call bfad_im_module_exit() if bfad_im_module_init() failed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/bfa/bfad.c"], "versions": [{"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "0ceac8012d3ddea3317f0d82934293d05feb8af1", "status": "affected", "versionType": "git"}, {"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "3932c753f805a02e9364a4c58b590f21901f8490", "status": "affected", "versionType": "git"}, {"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "ef2c2580189ea88a0dcaf56eb3a565763a900edb", "status": "affected", "versionType": "git"}, {"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "e76181a5be90abcc3ed8a300bd13878aa214d022", "status": "affected", "versionType": "git"}, {"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "8f5a97443b547b4c83f876f1d6a11df0f1fd4efb", "status": "affected", "versionType": "git"}, {"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "c28409f851abd93b37969cac7498828ad533afd9", "status": "affected", "versionType": "git"}, {"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "1ffdde30a90bf8efe8f270407f486706962b3292", "status": "affected", "versionType": "git"}, {"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "a2b5035ab0e368e8d8a371e27fbc72f133c0bd40", "status": "affected", "versionType": "git"}, {"version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "178b8f38932d635e90f5f0e9af1986c6f4a89271", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/bfa/bfad.c"], "versions": [{"version": "2.6.32", "status": "affected"}, {"version": "0", "lessThan": "2.6.32", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.325", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.287", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.231", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.120", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.64", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.11", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.2", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1"}, {"url": "https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490"}, {"url": "https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb"}, {"url": "https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022"}, {"url": "https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb"}, {"url": "https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9"}, {"url": "https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292"}, {"url": "https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40"}, {"url": "https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271"}], "title": "scsi: bfa: Fix use-after-free in bfad_im_module_exit()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53227", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-11T15:43:06.746226Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T15:45:25.837Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53227", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-11T15:43:06.746226Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T15:43:08.067Z"}}], "cna": {"title": "scsi: bfa: Fix use-after-free in bfad_im_module_exit()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "0ceac8012d3ddea3317f0d82934293d05feb8af1", "versionType": "git"}, {"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "3932c753f805a02e9364a4c58b590f21901f8490", "versionType": "git"}, {"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "ef2c2580189ea88a0dcaf56eb3a565763a900edb", "versionType": "git"}, {"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "e76181a5be90abcc3ed8a300bd13878aa214d022", "versionType": "git"}, {"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "8f5a97443b547b4c83f876f1d6a11df0f1fd4efb", "versionType": "git"}, {"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "c28409f851abd93b37969cac7498828ad533afd9", "versionType": "git"}, {"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "1ffdde30a90bf8efe8f270407f486706962b3292", "versionType": "git"}, {"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "a2b5035ab0e368e8d8a371e27fbc72f133c0bd40", "versionType": "git"}, {"status": "affected", "version": "7725ccfda59715ecf8f99e3b520a0b84cc2ea79e", "lessThan": "178b8f38932d635e90f5f0e9af1986c6f4a89271", "versionType": "git"}], "programFiles": ["drivers/scsi/bfa/bfad.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.32"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.32", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.325", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.287", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.231", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.174", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.120", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.64", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.11.11", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12.2", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/scsi/bfa/bfad.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1"}, {"url": "https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490"}, {"url": "https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb"}, {"url": "https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022"}, {"url": "https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb"}, {"url": "https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9"}, {"url": "https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292"}, {"url": "https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40"}, {"url": "https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Fix use-after-free in bfad_im_module_exit()\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20\nRead of size 8 at addr ffff8881082d80c8 by task modprobe/25303\n\nCall Trace:\n <TASK>\n dump_stack_lvl+0x95/0xe0\n print_report+0xcb/0x620\n kasan_report+0xbd/0xf0\n __lock_acquire+0x2aca/0x3a20\n lock_acquire+0x19b/0x520\n _raw_spin_lock+0x2b/0x40\n attribute_container_unregister+0x30/0x160\n fc_release_transport+0x19/0x90 [scsi_transport_fc]\n bfad_im_module_exit+0x23/0x60 [bfa]\n bfad_init+0xdb/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n </TASK>\n\nAllocated by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]\n bfad_im_module_init+0x17/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x38/0x50\n kfree+0x212/0x480\n bfad_im_module_init+0x7e/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAbove issue happens as follows:\n\nbfad_init\n error = bfad_im_module_init()\n fc_release_transport(bfad_im_scsi_transport_template);\n if (error)\n goto ext;\n\next:\n bfad_im_module_exit();\n fc_release_transport(bfad_im_scsi_transport_template);\n --> Trigger double release\n\nDon't call bfad_im_module_exit() if bfad_im_module_init() failed."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-20T06:21:38.311Z"}}}, "cveMetadata": {"cveId": "CVE-2024-53227", "state": "PUBLISHED", "dateUpdated": "2025-02-11T15:45:25.837Z", "dateReserved": "2024-11-19T17:17:25.025Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-12-27T13:50:16.175Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "560AD6AC-47DD-4D5C-9194-0606623A7EB1", "versionEndExcluding": "4.19.325", "versionStartIncluding": "2.6.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4B15788-D35E-4E5B-A9C0-070AE3729B34", "versionEndExcluding": "5.4.287", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935", "versionEndExcluding": "5.10.231", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89", "versionEndExcluding": "5.15.174", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265", "versionEndExcluding": "6.1.120", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7", "versionEndExcluding": "6.6.64", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Fix use-after-free in bfad_im_module_exit()\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20\nRead of size 8 at addr ffff8881082d80c8 by task modprobe/25303\n\nCall Trace:\n <TASK>\n dump_stack_lvl+0x95/0xe0\n print_report+0xcb/0x620\n kasan_report+0xbd/0xf0\n __lock_acquire+0x2aca/0x3a20\n lock_acquire+0x19b/0x520\n _raw_spin_lock+0x2b/0x40\n attribute_container_unregister+0x30/0x160\n fc_release_transport+0x19/0x90 [scsi_transport_fc]\n bfad_im_module_exit+0x23/0x60 [bfa]\n bfad_init+0xdb/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n </TASK>\n\nAllocated by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]\n bfad_im_module_init+0x17/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x38/0x50\n kfree+0x212/0x480\n bfad_im_module_init+0x7e/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAbove issue happens as follows:\n\nbfad_init\n error = bfad_im_module_init()\n fc_release_transport(bfad_im_scsi_transport_template);\n if (error)\n goto ext;\n\next:\n bfad_im_module_exit();\n fc_release_transport(bfad_im_scsi_transport_template);\n --> Trigger double release\n\nDon't call bfad_im_module_exit() if bfad_im_module_init() failed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: bfa: Se corrige el use-after-free en bfad_im_module_exit() ERROR: KASAN: use-after-free de losa en __lock_acquire+0x2aca/0x3a20 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8881082d80c8 por la tarea modprobe/25303 Seguimiento de llamadas: dump_stack_lvl+0x95/0xe0 print_report+0xcb/0x620 kasan_report+0xbd/0xf0 __lock_acquire+0x2aca/0x3a20 lock_acquire+0x19b/0x520 _raw_spin_lock+0x2b/0x40 attribute_container_unregister+0x30/0x160 Asignado por tarea 25303: pila de guardado de kasan+0x24/0x50 pista de guardado de kasan+0x14/0x30 __kasan_kmalloc+0x7f/0x90 transporte de acoplamiento de fc+0x4f/0x4740 [transporte de scsi_fc] inicio del m\u00f3dulo de bfad_im+0x17/0x80 [bfa] inicio del m\u00f3dulo de bfad_init+0x23/0xff0 [bfa] hacer una llamada de inicio+0xdc/0x550 hacer el m\u00f3dulo de inicio+0x22d/0x6b0 m\u00f3dulo de carga+0x4e96/0x5ff0 m\u00f3dulo de inicio desde el archivo+0xcd/0x130 m\u00f3dulo de inicio idempotente+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Liberado por la tarea 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x38/0x50 kfree+0x212/0x480 bfad_im_module_init+0x7e/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f El problema anterior ocurre de la siguiente manera: bfad_init error = bfad_im_module_init() fc_release_transport(bfad_im_scsi_transport_template); if (error) goto ext; ext: bfad_im_module_exit(); fc_release_transport(bfad_im_scsi_transport_template); --&gt; Disparador de doble liberaci\u00f3n No llame a bfad_im_module_exit() si bfad_im_module_init() fall\u00f3."}], "id": "CVE-2024-53227", "lastModified": "2025-02-11T16:15:42.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-27T14:15:30.937", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: scsi: bfa: Fix use-after-free in bfad_im_module_exit()", "id": "2334381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334381"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: bfa: Fix use-after-free in bfad_im_module_exit()\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20\nRead of size 8 at addr ffff8881082d80c8 by task modprobe/25303\nCall Trace:\n<TASK>\ndump_stack_lvl+0x95/0xe0\nprint_report+0xcb/0x620\nkasan_report+0xbd/0xf0\n__lock_acquire+0x2aca/0x3a20\nlock_acquire+0x19b/0x520\n_raw_spin_lock+0x2b/0x40\nattribute_container_unregister+0x30/0x160\nfc_release_transport+0x19/0x90 [scsi_transport_fc]\nbfad_im_module_exit+0x23/0x60 [bfa]\nbfad_init+0xdb/0xff0 [bfa]\ndo_one_initcall+0xdc/0x550\ndo_init_module+0x22d/0x6b0\nload_module+0x4e96/0x5ff0\ninit_module_from_file+0xcd/0x130\nidempotent_init_module+0x330/0x620\n__x64_sys_finit_module+0xb3/0x110\ndo_syscall_64+0xc1/0x1d0\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n</TASK>\nAllocated by task 25303:\nkasan_save_stack+0x24/0x50\nkasan_save_track+0x14/0x30\n__kasan_kmalloc+0x7f/0x90\nfc_attach_transport+0x4f/0x4740 [scsi_transport_fc]\nbfad_im_module_init+0x17/0x80 [bfa]\nbfad_init+0x23/0xff0 [bfa]\ndo_one_initcall+0xdc/0x550\ndo_init_module+0x22d/0x6b0\nload_module+0x4e96/0x5ff0\ninit_module_from_file+0xcd/0x130\nidempotent_init_module+0x330/0x620\n__x64_sys_finit_module+0xb3/0x110\ndo_syscall_64+0xc1/0x1d0\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nFreed by task 25303:\nkasan_save_stack+0x24/0x50\nkasan_save_track+0x14/0x30\nkasan_save_free_info+0x3b/0x60\n__kasan_slab_free+0x38/0x50\nkfree+0x212/0x480\nbfad_im_module_init+0x7e/0x80 [bfa]\nbfad_init+0x23/0xff0 [bfa]\ndo_one_initcall+0xdc/0x550\ndo_init_module+0x22d/0x6b0\nload_module+0x4e96/0x5ff0\ninit_module_from_file+0xcd/0x130\nidempotent_init_module+0x330/0x620\n__x64_sys_finit_module+0xb3/0x110\ndo_syscall_64+0xc1/0x1d0\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nAbove issue happens as follows:\nbfad_init\nerror = bfad_im_module_init()\nfc_release_transport(bfad_im_scsi_transport_template);\nif (error)\ngoto ext;\next:\nbfad_im_module_exit();\nfc_release_transport(bfad_im_scsi_transport_template);\n--> Trigger double release\nDon't call bfad_im_module_exit() if bfad_im_module_init() failed."], "name": "CVE-2024-53227", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53227\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53227\nhttps://lore.kernel.org/linux-cve-announce/2024122735-CVE-2024-53227-d872@gregkh/T"], "statement": "This issue is considered to be a moderate impact flaw, as the exploitation for this will need an ADMIN (or ROOT) privilege (PR:H).", "threat_severity": "Moderate"}