CVE-2024-49852

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-49852
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49852.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-49852
Published
2024-10-21T12:18:45.418Z
Modified
2025-11-28T02:35:44.781165Z
Summary
scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()

The kref_put() function will call nport->release if the refcount drops to zero. The nport->release release function is _efc_nport_free() which frees "nport". But then we dereference "nport" on the next line which is a use after free. Re-order these lines to avoid the use after free.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49852.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fcd427303eb90aa3cb08e7e0b68e0e67a6d47346
Fixed
16a570f07d870a285b0c0b0d1ca4dff79e8aa5ff
Fixed
abc71e89170ed32ecf0a5a29f31aa711e143e941
Fixed
baeb8628ab7f4577740f00e439d3fdf7c876b0ff
Fixed
7c2908985e4ae0ea1b526b3916de9e5351650908
Fixed
98752fcd076a8cbc978016eae7125b4971be1eec
Fixed
2e4b02fad094976763af08fec2c620f4f8edd9ae

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.14.0
Fixed
5.15.168
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.113
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.54
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.13
Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.11.2