[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2023-52811Date: (C)2024-05-22   (M)2024-06-07


In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, and in the case that the kernel is not configured to crash on panic returns a junk event pointer from the empty event list causing things to spiral from there. This BUG_ON is a historical artifact of the ibmvfc driver first being upstreamed, and it is well known now that the use of BUG_ON is bad practice except in the most unrecoverable scenario. There is nothing about this scenario that prevents the driver from recovering and carrying on. Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL pointer in the case of an empty event pool. Update all call sites to ibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate failure or recovery action.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.5CVSS Score :
Exploit Score: Exploit Score:
Impact Score: Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector:
Attack Complexity: Access Complexity:
Privileges Required: Authentication:
User Interaction: Confidentiality:
Scope: Integrity:
Confidentiality: Availability:
Integrity:  
Availability:  
  
Reference:
https://git.kernel.org/stable/c/88984ec4792766df5a9de7a2ff2b5f281f94c7d4
https://git.kernel.org/stable/c/8bbe784c2ff28d56ca0c548aaf3e584edc77052d
https://git.kernel.org/stable/c/b39f2d10b86d0af353ea339e5815820026bca48f
https://git.kernel.org/stable/c/d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8
https://git.kernel.org/stable/c/e1d1f79b1929dce470a5dc9281c574cd58e8c6c0

© SecPod Technologies