CVE-2024-26930

Published: May 1, 2024Modified: Mar 7, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take care of NULL.

Affected (4)

Products: Linux: Linux Kernel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.3 to 6.6.24
Linux Linux Kernel	From 6.7 to 6.7.12
Linux Linux Kernel	From 6.8 to 6.8.3
Linux Linux Kernel	Version 6.9 rc1

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (8)

https://git.kernel.org/stable/c/825d63164a2e6bacb059a9afb5605425b485413f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/b7deb675d674f44e0ddbab87fee8f9f098925e73

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/e288285d47784fdcf7c81be56df7d65c6f10c58b

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/825d63164a2e6bacb059a9afb5605425b485413f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/b7deb675d674f44e0ddbab87fee8f9f098925e73

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/e288285d47784fdcf7c81be56df7d65c6f10c58b

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.