CVE-2021-47198

Published: Apr 10, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used as an rpi_ids array index. Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag in lpfc_mbx_cmpl_fc_reg_login().

Vendor	Product	Versions
Linux	Linux	affected `fe83e3b9b422ac8ece2359c7b7290efe7f0335a2 - < dbebf865b3239595c1d4dba063b122862583b52a` affected `fe83e3b9b422ac8ece2359c7b7290efe7f0335a2 - < 79b20beccea3a3938a8500acef4e6b9d7c66142f`
Linux	Linux	affected `5.14` unaffected `0 - < 5.14` unaffected `5.15.5 - <= 5.15.` unaffected `5.16 - <= `

References

https://git.kernel.org/stable/c/dbebf865b3239595c1d4dba063b122862583b52a

https://git.kernel.org/stable/c/79b20beccea3a3938a8500acef4e6b9d7c66142f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-47198

Description

Affected Products

References