CVE-2024-49891

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-49891

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49891.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-49891

Downstream

BELL-CVE-2024-49891

DEBIAN-CVE-2024-49891

DLA-4076-1

OESA-2024-2518

OESA-2024-2519

OESA-2024-2521

OESA-2024-2522

SUSE-SU-2024:3984-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4100-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:0034-1

UBUNTU-CVE-2024-49891

USN-7301-1

USN-7303-1

USN-7303-2

USN-7303-3

USN-7304-1

USN-7310-1

USN-7311-1

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7403-1

USN-7468-1

openSUSE-SU-2024:14500-1

openSUSE-SU-2025:14705-1

Related

Published

2024-10-21T18:15:11Z

Modified

2025-08-09T20:01:26Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths

When the HBA is undergoing a reset or is handling an errata event, NULL ptr dereference crashes may occur in routines such as lpfcsliflushiorings(), lpfcdevlosstmocallbk(), or lpfcaborthandler().

Add NULL ptr checks before dereferencing hdwq pointers that may have been freed due to operations colliding with a reset or errata event handler.

References

Affected packages