Use-After-Free Vulnerability in Linux Kernel's SCSI LPFC Driver
CVE-2023-53282
What is CVE-2023-53282?
A use-after-free vulnerability was identified in the SCSI LPFC driver of the Linux kernel, manifesting during the sysfs firmware write operation. This issue arises when the routine attempts to access a memory reference that has already been released, leading to potential memory access violations. The vulnerability was triggered within the lpfc_wr_object() function, where internal mailbox memory was referenced after its deallocation. This flaw could lead to unintended behaviors within the driver and compromises system stability. A fix has been implemented to ensure that memory cleanup occurs at the end of relevant routines, preventing such access violations.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 51ab4eb1a25e73c7fc2ad9026520c4d8369c93cc
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8dfefa8f424ab208e552df1bfd008b732f3d0ad1
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8becb97918f04bb177bc9c4e00c2bdb302e00944