Re: CVE-2024-26929: scsi: qla2xxx: Fix double free of fcport

From: Harshit Mogalapalli
Date: Sun Dec 29 2024 - 07:47:43 EST

Next message: Andrey Albershteyn: "Re: [PATCH v1 2/3] xfs/libxfs: replace kmalloc() and memcpy() with kmemdup()"
Previous message: Manfred Spraul: "Re: [RESEND PATCH] fs/pipe: Introduce a check to skip sleeping processes during pipe read/write"
In reply to: Greg Kroah-Hartman: "Re: CVE-2024-26929: scsi: qla2xxx: Fix double free of fcport"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2024-26929: scsi: qla2xxx: Fix double free of fcport"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Greg,

On 29/12/24 12:54, Greg Kroah-Hartman wrote:
...

I think the broken commit/vuln commit is: 4895009c4bb7 ("scsi: qla2xxx:
Prevent command send on chip reset") and this is only present in stable
kernels newer than (>=) 5.15.y.

Is it worth putting the vuln commit information if we find out what the
broken/vuln commit is while trying to backport it to older stable kernels ?

Yes it is, our tools provide for this, see:
https://git.kernel.org/pub/scm/linux/security/vulns.git/tree/cve/schema#n69
for how to do it (i.e. give us a git id and we can add a .vulnerable
file so the tools pick it up properly, or send us a patch for that!)

Do you want to send a patch for this, or do you need us to?

I will send a patch, thanks for the guidance.

Thanks,
Harshit

thanks,

greg k-h

Next message: Andrey Albershteyn: "Re: [PATCH v1 2/3] xfs/libxfs: replace kmalloc() and memcpy() with kmemdup()"
Previous message: Manfred Spraul: "Re: [RESEND PATCH] fs/pipe: Introduce a check to skip sleeping processes during pipe read/write"
In reply to: Greg Kroah-Hartman: "Re: CVE-2024-26929: scsi: qla2xxx: Fix double free of fcport"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2024-26929: scsi: qla2xxx: Fix double free of fcport"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]