CVE-2024-43821

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-43821
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43821.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-43821
Downstream
Related
Published
2024-08-17T09:21:42Z
Modified
2025-10-17T10:22:08.512817Z
Summary
scsi: lpfc: Fix a possible null pointer dereference
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix a possible null pointer dereference

In function lpfcxcvrdatashow, the memory allocation with kmalloc might fail, thereby making rdpcontext a null pointer. In the following context and functions that use this pointer, there are dereferencing operations, leading to null pointer dereference.

To fix this issue, a null pointer check should be added. If it is null, use scnprintf to notify the user and return len.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
479b0917e4477f49df2e3be454aac3cfa5dec171
Fixed
57600a7dd2b52c904f7c8d2cac0fd8c23868e680
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
479b0917e4477f49df2e3be454aac3cfa5dec171
Fixed
45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
479b0917e4477f49df2e3be454aac3cfa5dec171
Fixed
5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa

Affected versions

v6.*

v6.1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-43821-6d99e31b",
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "drivers/scsi/lpfc/lpfc_attr.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "36970859384765345623867570123839047879",
                "136473902747574616721569182295696950454",
                "242773057811663407854193676955310266009",
                "224405354381788500986282837980454677560"
            ]
        },
        "deprecated": false
    },
    {
        "id": "CVE-2024-43821-76bbbd15",
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "drivers/scsi/lpfc/lpfc_attr.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@57600a7dd2b52c904f7c8d2cac0fd8c23868e680",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "36970859384765345623867570123839047879",
                "136473902747574616721569182295696950454",
                "242773057811663407854193676955310266009",
                "224405354381788500986282837980454677560"
            ]
        },
        "deprecated": false
    },
    {
        "id": "CVE-2024-43821-90c1f71a",
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "lpfc_xcvr_data_show",
            "file": "drivers/scsi/lpfc/lpfc_attr.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@57600a7dd2b52c904f7c8d2cac0fd8c23868e680",
        "digest": {
            "function_hash": "73710803711532879181810466088457949342",
            "length": 3804.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2024-43821-97343df2",
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "lpfc_xcvr_data_show",
            "file": "drivers/scsi/lpfc/lpfc_attr.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa",
        "digest": {
            "function_hash": "73710803711532879181810466088457949342",
            "length": 3804.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2024-43821-b8c66461",
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "lpfc_xcvr_data_show",
            "file": "drivers/scsi/lpfc/lpfc_attr.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c",
        "digest": {
            "function_hash": "73710803711532879181810466088457949342",
            "length": 3804.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2024-43821-e671dbab",
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "drivers/scsi/lpfc/lpfc_attr.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "36970859384765345623867570123839047879",
                "136473902747574616721569182295696950454",
                "242773057811663407854193676955310266009",
                "224405354381788500986282837980454677560"
            ]
        },
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.44
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.3