CVE-2021-46963 : In the Linux kernel, the following vulnerability has been resolved: scsi: qla2x

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0 Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free.

Published 2024-02-27 19:04:07

Updated 2024-12-11 16:12:09

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-46963

Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.36
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.19.90 and before (<) 4.19.191
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.4.4 and before (<) 5.4.118
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.11.20
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.12 and before (<) 5.12.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-46963

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-46963

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2024-12-11
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2021-46963

https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-46963

Products affected by CVE-2021-46963

Exploit prediction scoring system (EPSS) score for CVE-2021-46963

CVSS scores for CVE-2021-46963

References for CVE-2021-46963