SB2024123091 - Use-after-free in Linux kernel scsi bfa driver
Published: December 30, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024123091
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-53227)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfad_init() function in drivers/scsi/bfa/bfad.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1
- https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271
- https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292
- https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490
- https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb
- https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40
- https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9
- https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022
- https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.231