Vulnerability-Lookup

BDU:2025-02987

Vulnerability from fstec - Published: 29.03.2021

Title

Уязвимость функции qla2xxx_mqueuecommand() модуля drivers/scsi/qla2xxx/qla_os.c - драйвера поддержки устройств SCSI ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.

Description

Уязвимость функции qla2xxx_mqueuecommand() модуля drivers/scsi/qla2xxx/qla_os.c - драйвера поддержки устройств SCSI ядра операционной системы Linux связана с повторным использованием ранее освобожденной памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании.

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Canonical Ltd., Red Hat Inc., Сообщество свободного программного обеспечения

Software Name

Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, Linux

Software Version

18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), от 5.5 до 5.10.35 включительно (Linux), от 5.12 до 5.12.2 включительно (Linux), от 5.11 до 5.11.19 включительно (Linux), от 4.19.90 до 4.19.190 включительно (Linux), от 5.3.17 до 5.4 (Linux), от 5.4.4 до 5.4.117 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538 https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56 https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89 https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053 https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93 https://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/T/#u https://git.kernel.org/linus/6641df81ab799f28a5d564f860233dd26cca0d93 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-46963 Для Ubuntu: https://ubuntu.com/security/CVE-2021-46963 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2021-46963

Reference

https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538 https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56 https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89 https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053 https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46963 https://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/T/#u https://git.kernel.org/linus/6641df81ab799f28a5d564f860233dd26cca0d93 https://www.cve.org/CVERecord?id=CVE-2021-46963 https://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/ https://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.176-lvc1&id=702cdaa2c6283c135ef16d52e0e4e3c1005aa538 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.118 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3 https://access.redhat.com/security/cve/CVE-2021-46963 https://ubuntu.com/security/CVE-2021-46963 https://security-tracker.debian.org/tracker/CVE-2021-46963

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.35 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.12 \u0434\u043e 5.12.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.11.19 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.19.90 \u0434\u043e 4.19.190 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.3.17 \u0434\u043e 5.4 (Linux), \u043e\u0442 5.4.4 \u0434\u043e 5.4.117 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538\nhttps://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56\nhttps://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f\nhttps://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89\nhttps://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053\nhttps://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93\nhttps://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/T/#u\nhttps://git.kernel.org/linus/6641df81ab799f28a5d564f860233dd26cca0d93\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-46963\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2021-46963\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2021-46963",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.03.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02987",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-46963",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.35 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.12 \u0434\u043e 5.12.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.11.19 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.19.90 \u0434\u043e 4.19.190 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.3.17 \u0434\u043e 5.4 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.4.4 \u0434\u043e 5.4.117 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 qla2xxx_mqueuecommand() \u043c\u043e\u0434\u0443\u043b\u044f drivers/scsi/qla2xxx/qla_os.c - \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SCSI \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 qla2xxx_mqueuecommand() \u043c\u043e\u0434\u0443\u043b\u044f drivers/scsi/qla2xxx/qla_os.c - \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SCSI \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0440\u0430\u043d\u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538\nhttps://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56\nhttps://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f\nhttps://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89\nhttps://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053\nhttps://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46963\nhttps://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/T/#u\nhttps://git.kernel.org/linus/6641df81ab799f28a5d564f860233dd26cca0d93\nhttps://www.cve.org/CVERecord?id=CVE-2021-46963\nhttps://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/\nhttps://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.176-lvc1\u0026id=702cdaa2c6283c135ef16d52e0e4e3c1005aa538\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.118\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3\nhttps://access.redhat.com/security/cve/CVE-2021-46963\nhttps://ubuntu.com/security/CVE-2021-46963\nhttps://security-tracker.debian.org/tracker/CVE-2021-46963",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2021-46963 (GCVE-0-2021-46963)

Vulnerability from cvelistv5 – Published: 2024-02-27 18:47 – Updated: 2025-05-04 12:40

Title

scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue_directly+0x4e/0xb0 Fix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now allocated by upper layers. This fixes smatch warning of srb unintended free.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c5ab9b67d8b061de7…
	https://git.kernel.org/stable/c/77509a23854786304…
	https://git.kernel.org/stable/c/702cdaa2c6283c135…
	https://git.kernel.org/stable/c/80ef24175df2cba38…
	https://git.kernel.org/stable/c/a73208e3244127ef9…
	https://git.kernel.org/stable/c/6641df81ab799f28a…

Impacted products

Vendor

Product

Version

Linux

Affected: 64a8c5018a4b21b04a756a56c495ef47c14e92d9 , < c5ab9b67d8b061de74e2ca51bf787ee599bd7f89 (git)
Affected: dea6ee7173039d489977c9ed92e3749154615db4 , < 77509a238547863040a42d57c72403f7d4c89a8f (git)
Affected: af2a0c51b1205327f55a7e82e530403ae1d42cbb , < 702cdaa2c6283c135ef16d52e0e4e3c1005aa538 (git)
Affected: af2a0c51b1205327f55a7e82e530403ae1d42cbb , < 80ef24175df2cba3860d0369d1c662b49ee2de56 (git)
Affected: af2a0c51b1205327f55a7e82e530403ae1d42cbb , < a73208e3244127ef9f2cdf24e4adb947aaa32053 (git)
Affected: af2a0c51b1205327f55a7e82e530403ae1d42cbb , < 6641df81ab799f28a5d564f860233dd26cca0d93 (git)
Affected: 4a1cc2f71bc57cf8dee6f58e7d2355a43aabb312 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 4.19.191 , ≤ 4.19.* (semver)
Unaffected: 5.4.118 , ≤ 5.4.* (semver)
Unaffected: 5.10.36 , ≤ 5.10.* (semver)
Unaffected: 5.11.20 , ≤ 5.11.* (semver)
Unaffected: 5.12.3 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46963",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T20:13:28.391773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:03.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_os.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c5ab9b67d8b061de74e2ca51bf787ee599bd7f89",
              "status": "affected",
              "version": "64a8c5018a4b21b04a756a56c495ef47c14e92d9",
              "versionType": "git"
            },
            {
              "lessThan": "77509a238547863040a42d57c72403f7d4c89a8f",
              "status": "affected",
              "version": "dea6ee7173039d489977c9ed92e3749154615db4",
              "versionType": "git"
            },
            {
              "lessThan": "702cdaa2c6283c135ef16d52e0e4e3c1005aa538",
              "status": "affected",
              "version": "af2a0c51b1205327f55a7e82e530403ae1d42cbb",
              "versionType": "git"
            },
            {
              "lessThan": "80ef24175df2cba3860d0369d1c662b49ee2de56",
              "status": "affected",
              "version": "af2a0c51b1205327f55a7e82e530403ae1d42cbb",
              "versionType": "git"
            },
            {
              "lessThan": "a73208e3244127ef9f2cdf24e4adb947aaa32053",
              "status": "affected",
              "version": "af2a0c51b1205327f55a7e82e530403ae1d42cbb",
              "versionType": "git"
            },
            {
              "lessThan": "6641df81ab799f28a5d564f860233dd26cca0d93",
              "status": "affected",
              "version": "af2a0c51b1205327f55a7e82e530403ae1d42cbb",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "4a1cc2f71bc57cf8dee6f58e7d2355a43aabb312",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_os.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.191",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.118",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.191",
                  "versionStartIncluding": "4.19.90",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.118",
                  "versionStartIncluding": "5.4.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.36",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.20",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.3",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.3.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()\n\n    RIP: 0010:kmem_cache_free+0xfa/0x1b0\n    Call Trace:\n       qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx]\n       scsi_queue_rq+0x5e2/0xa40\n       __blk_mq_try_issue_directly+0x128/0x1d0\n       blk_mq_request_issue_directly+0x4e/0xb0\n\nFix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now\nallocated by upper layers. This fixes smatch warning of srb unintended\nfree."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:40:39.273Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89"
        },
        {
          "url": "https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538"
        },
        {
          "url": "https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56"
        },
        {
          "url": "https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053"
        },
        {
          "url": "https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93"
        }
      ],
      "title": "scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46963",
    "datePublished": "2024-02-27T18:47:01.783Z",
    "dateReserved": "2024-02-27T18:42:55.942Z",
    "dateUpdated": "2025-05-04T12:40:39.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-02987

CVE-2021-46963 (GCVE-0-2021-46963)

Tags

Sightings

Nomenclature