CVE-2024-53227

Severity: HIGH · EPSS 18.6%
Published Dec 27, 2024 · Modified Jun 17, 2026
CVSS 3.1: 7.8 (High)

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20
Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303

Call Trace:
 <TASK>
 dump_stack_lvl+0x95/0xe0
 print_report+0xcb/0x620
 kasan_report+0xbd/0xf0
 __lock_acquire+0x2aca/0x3a20
 lock_acquire+0x19b/0x520
 _raw_spin_lock+0x2b/0x40
 attribute_container_unregister+0x30/0x160
 fc_release_transport+0x19/0x90 [scsi_transport_fc]
 bfad_im_module_exit+0x23/0x60 [bfa]
 bfad_init+0xdb/0xff0 [bfa]
 do_one_initcall+0xdc/0x550
 do_init_module+0x22d/0x6b0
 load_module+0x4e96/0x5ff0
 init_module_from_file+0xcd/0x130
 idempotent_init_module+0x330/0x620
 __x64_sys_finit_module+0xb3/0x110
 do_syscall_64+0xc1/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
 </TASK>

Allocated by task 25303:
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 __kasan_kmalloc+0x7f/0x90
 fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]
 bfad_im_module_init+0x17/0x80 [bfa]
 bfad_init+0x23/0xff0 [bfa]
 do_one_initcall+0xdc/0x550
 do_init_module+0x22d/0x6b0
 load_module+0x4e96/0x5ff0
 init_module_from_file+0xcd/0x130
 idempotent_init_module+0x330/0x620
 __x64_sys_finit_module+0xb3/0x110
 do_syscall_64+0xc1/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 25303:
 kasan_save_stack+0x24/0x50
 kasan_save_track+0x14/0x30
 kasan_save_free_info+0x3b/0x60
 __kasan_slab_free+0x38/0x50
 kfree+0x212/0x480
 bfad_im_module_init+0x7e/0x80 [bfa]
 bfad_init+0x23/0xff0 [bfa]
 do_one_initcall+0xdc/0x550
 do_init_module+0x22d/0x6b0
 load_module+0x4e96/0x5ff0
 init_module_from_file+0xcd/0x130
 idempotent_init_module+0x330/0x620
 __x64_sys_finit_module+0xb3/0x110
 do_syscall_64+0xc1/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Above issue happens as follows:

bfad_init
  error = bfad_im_module_init()
    fc_release_transport(bfad_im_scsi_transport_template);
  if (error)
    goto ext;

ext:
  bfad_im_module_exit();
    fc_release_transport(bfad_im_scsi_transport_template);
    --> Trigger double release

Don't call bfad_im_module_exit() if bfad_im_module_init() failed.
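
The error-path pattern described above, as an added user-space model (not the kernel's or the bfa driver's code). Every function and variable name is hypothetical, and release() only counts calls on a static object so the second release can be observed safely instead of freeing memory twice.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the FC transport template; all names here are hypothetical. */
struct tmpl { int releases; };

static struct tmpl pool[1];   /* static storage: a second release is countable, not UB */
static struct tmpl *g_tmpl;   /* models the driver-global template pointer */

static struct tmpl *attach(void) { pool[0].releases = 0; return &pool[0]; }
static void release(struct tmpl *t) { if (t) t->releases++; }  /* >1 means double release */
int release_count(void) { return pool[0].releases; }

/* Sub-init: attaches, then a later step fails and it unwinds its own attach. */
static int im_module_init(bool later_step_fails)
{
    g_tmpl = attach();
    if (later_step_fails) {
        release(g_tmpl);      /* init cleans up after itself ... */
        return -1;            /* ... but g_tmpl still points at the released object */
    }
    return 0;
}

static void im_module_exit(void) { release(g_tmpl); }

/* Before: the error path jumps to a label that runs the exit routine anyway. */
static int init_before(bool fail)
{
    int error = im_module_init(fail);
    if (error)
        goto ext;
    return 0;
ext:
    im_module_exit();         /* second release of the same object */
    return error;
}

/* After: a failed sub-init has already unwound, so exit is not called. */
static int init_after(bool fail)
{
    int error = im_module_init(fail);
    return error;
}

int main(void)
{
    init_before(true);
    printf("before: %d releases\n", release_count());
    init_after(true);
    printf("after:  %d releases\n", release_count());
    return 0;
}
```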

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
18.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 8

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.32 – <4.19.325
linux   linux_kernel  *        ≥4.20 – <5.4.287
linux   linux_kernel  *        ≥5.5 – <5.10.231
linux   linux_kernel  *        ≥5.11 – <5.15.174
linux   linux_kernel  *        ≥5.16 – <6.1.120
linux   linux_kernel  *        ≥6.2 – <6.6.64
linux   linux_kernel  *        ≥6.7 – <6.11.11
linux   linux_kernel  *        ≥6.12 – <6.12.2

References 11

  • git.kernel.org https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb
    Patch