[PATCH] CVE-2024-26929: Add vulnerable commit information

Harshit Mogalapalli posted 1 patch 1 year, 1 month ago
cve/published/2024/CVE-2024-26929.vulnerable | 1 +
1 file changed, 1 insertion(+)
create mode 100644 cve/published/2024/CVE-2024-26929.vulnerable
[PATCH] CVE-2024-26929: Add vulnerable commit information
Posted by Harshit Mogalapalli 1 year, 1 month ago
This CVE fixes: 4895009c4bb7 ("scsi: qla2xxx: Prevent command send on
chip reset") so add that information in vulnerable commit.

Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
---
 cve/published/2024/CVE-2024-26929.vulnerable | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 cve/published/2024/CVE-2024-26929.vulnerable

diff --git a/cve/published/2024/CVE-2024-26929.vulnerable b/cve/published/2024/CVE-2024-26929.vulnerable
new file mode 100644
index 000000000000..b946d6f2786b
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26929.vulnerable
@@ -0,0 +1 @@
+4895009c4bb72f71f2e682f1e7d2c2d96e482087
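Review bot: the commit message for the single added line `+4895009c4bb72f71f2e682f1e7d2c2d96e482087` gives no evidence that this commit introduced the bug, and "This CVE fixes: 4895009c4bb7" reads as if that commit were the fix rather than the origin. Suggest naming the fix commit, stating which call 4895009c4bb7 added that leads to the problem, and saying whether 4895009c4bb7 ever appeared in a release without the fix, since a vulnerable commit that never shipped on its own changes whether the CVE should exist at all.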
-- 
2.46.0
Re: [PATCH] CVE-2024-26929: Add vulnerable commit information
Posted by Greg KH 1 year, 1 month ago
On Thu, Jan 02, 2025 at 12:48:26PM -0800, Harshit Mogalapalli wrote:
> This CVE fixes: 4895009c4bb7 ("scsi: qla2xxx: Prevent command send on
> chip reset") so add that information in vulnerable commit.
> 
> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> ---
>  cve/published/2024/CVE-2024-26929.vulnerable | 1 +
>  1 file changed, 1 insertion(+)
>  create mode 100644 cve/published/2024/CVE-2024-26929.vulnerable
> 
> diff --git a/cve/published/2024/CVE-2024-26929.vulnerable b/cve/published/2024/CVE-2024-26929.vulnerable
> new file mode 100644
> index 000000000000..b946d6f2786b
> --- /dev/null
> +++ b/cve/published/2024/CVE-2024-26929.vulnerable
> @@ -0,0 +1 @@
> +4895009c4bb72f71f2e682f1e7d2c2d96e482087
> -- 
> 2.46.0
> 
> 

Ok, by doing this it means this whole CVE needs to be rejected as the
vulnerable commit never shows up in a release on its own.  Are you
sure about this?  If so, let's just reject the CVE.

thanks,

greg k-h
Re: [PATCH] CVE-2024-26929: Add vulnerable commit information
Posted by Harshit Mogalapalli 1 year, 1 month ago
Hi Greg,

+CC qla2xxx experts

On 03/01/25 12:22, Greg KH wrote:
> On Thu, Jan 02, 2025 at 12:48:26PM -0800, Harshit Mogalapalli wrote:
>> This CVE fixes: 4895009c4bb7 ("scsi: qla2xxx: Prevent command send on
>> chip reset") so add that information in vulnerable commit.
>>
>> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
>> ---
>>   cve/published/2024/CVE-2024-26929.vulnerable | 1 +
>>   1 file changed, 1 insertion(+)
>>   create mode 100644 cve/published/2024/CVE-2024-26929.vulnerable
>>
>> diff --git a/cve/published/2024/CVE-2024-26929.vulnerable b/cve/published/2024/CVE-2024-26929.vulnerable
>> new file mode 100644
>> index 000000000000..b946d6f2786b
>> --- /dev/null
>> +++ b/cve/published/2024/CVE-2024-26929.vulnerable
>> @@ -0,0 +1 @@
>> +4895009c4bb72f71f2e682f1e7d2c2d96e482087
>> -- 
>> 2.46.0
>>
>>
> 
> Ok, by doing this it means this whole CVE needs to be rejected as the
> vulnerable commit never shows up in a release on its own.  Are you
> sure about this?  If so, let's just reject the CVE.
> 

My reasoning is as follows:

The CVE fix commit: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of 
fcport") states,

""
  Remove one of the free calls and add check for valid fcport. Also use
  function qla2x00_free_fcport() instead of kfree().

@@ -2784,7 +2786,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int 
els_opcode,
             fcport->d_id.b.area, fcport->d_id.b.al_pa);

         wait_for_completion(&elsio->u.els_logo.comp);
-       qla2x00_free_fcport(fcport);

         /* ref: INIT */
         kref_put(&sp->cmd_kref, qla2x00_sp_release);
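Review bot: with the explicit `qla2x00_free_fcport(fcport)` removed after `wait_for_completion()`, nothing at this call site says who releases fcport. Suggest extending the `/* ref: INIT */` comment above `kref_put(&sp->cmd_kref, qla2x00_sp_release)` to say that fcport is released through the sp->free callback (as the surrounding message describes) when the last reference is dropped, so a later change does not reintroduce a second free on this path.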

""

and the same function has this sp->free = qla2x00_els_dcmd_sp_free; so 
fcport is freed twice.

and this qla2xxx_free_fcport(fcport) in the success path is added by 
commit: 4895009c4bb7 ("scsi: qla2xxx: Prevent command send on chip 
reset") so I think this commit introduced the problem.

Thanks,
Harshit


> thanks,
> 
> greg k-h
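
The ownership bug described in the message above, as an added illustration that is not part of the thread and is not driver code: a simplified user-space model in which the command's release callback already frees the port, so an extra explicit free on the success path releases it twice. The `port`, `cmd`, `cmd_put` and `run_success_path` names are hypothetical stand-ins, and frees are counted rather than performed twice so the model stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the driver's fcport and sp; not kernel code. */
struct port { int free_count; };        /* counts releases instead of freeing twice */
struct cmd {
    int refs;                           /* models sp->cmd_kref */
    struct port *port;
    void (*free_cb)(struct cmd *);      /* models sp->free */
};

/* Models qla2x00_free_fcport(): records one release of the port. */
static void port_free(struct port *p) { p->free_count++; }

/* Models qla2x00_els_dcmd_sp_free as described in the thread: frees the port. */
static void cmd_free_cb(struct cmd *c) { port_free(c->port); }

/* Models kref_put(&sp->cmd_kref, qla2x00_sp_release): last ref runs the callback. */
static void cmd_put(struct cmd *c)
{
    if (--c->refs == 0)
        c->free_cb(c);
}

/* Returns how many times the port was released on the success path, or -1. */
static int run_success_path(int explicit_free)
{
    struct port *p = calloc(1, sizeof(*p));
    struct cmd *c = calloc(1, sizeof(*c));
    int frees;

    if (!p || !c) { free(p); free(c); return -1; }
    c->refs = 1; c->port = p; c->free_cb = cmd_free_cb;

    /* ... wait_for_completion() would return here ... */
    if (explicit_free)
        port_free(p);                   /* the call the fix commit removed */
    cmd_put(c);                         /* last reference: callback frees the port */

    frees = p->free_count;
    free(p); free(c);                   /* real cleanup of the model objects */
    return frees;
}

int main(void)
{
    printf("with explicit free: %d releases, without: %d release\n",
           run_success_path(1), run_success_path(0));
    return 0;
}
```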
Re: [PATCH] CVE-2024-26929: Add vulnerable commit information
Posted by Greg KH 1 year, 1 month ago
On Fri, Jan 03, 2025 at 01:53:19PM +0530, Harshit Mogalapalli wrote:
> Hi Greg,
> 
> +CC qla2xxx experts
> 
> On 03/01/25 12:22, Greg KH wrote:
> > On Thu, Jan 02, 2025 at 12:48:26PM -0800, Harshit Mogalapalli wrote:
> > > This CVE fixes: 4895009c4bb7 ("scsi: qla2xxx: Prevent command send on
> > > chip reset") so add that information in vulnerable commit.
> > > 
> > > Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
> > > ---
> > >   cve/published/2024/CVE-2024-26929.vulnerable | 1 +
> > >   1 file changed, 1 insertion(+)
> > >   create mode 100644 cve/published/2024/CVE-2024-26929.vulnerable
> > > 
> > > diff --git a/cve/published/2024/CVE-2024-26929.vulnerable b/cve/published/2024/CVE-2024-26929.vulnerable
> > > new file mode 100644
> > > index 000000000000..b946d6f2786b
> > > --- /dev/null
> > > +++ b/cve/published/2024/CVE-2024-26929.vulnerable
> > > @@ -0,0 +1 @@
> > > +4895009c4bb72f71f2e682f1e7d2c2d96e482087
> > > -- 
> > > 2.46.0
> > > 
> > > 
> > 
> > Ok, by doing this it means this whole CVE needs to be rejected as the
> > vulnerable commit never shows up in a release on its own.  Are you
> > sure about this?  If so, let's just reject the CVE.
> > 
> 
> My reasoning is as follows:
> 
> The CVE fix commit: 82f522ae0d97 ("scsi: qla2xxx: Fix double free of
> fcport") states,
> 
> ""
>  Remove one of the free calls and add check for valid fcport. Also use
>  function qla2x00_free_fcport() instead of kfree().
> 
> @@ -2784,7 +2786,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *vha, int
> els_opcode,
>             fcport->d_id.b.area, fcport->d_id.b.al_pa);
> 
>         wait_for_completion(&elsio->u.els_logo.comp);
> -       qla2x00_free_fcport(fcport);
> 
>         /* ref: INIT */
>         kref_put(&sp->cmd_kref, qla2x00_sp_release);
> 
> ""
> 
> and the same function has this sp->free = qla2x00_els_dcmd_sp_free; so
> fcport is freed twice.
> 
> and this qla2xxx_free_fcport(fcport) in the success path is added by commit:
> 4895009c4bb7 ("scsi: qla2xxx: Prevent command send on chip reset") so I
> think this commit introduced the problem.

Thanks for this, I've now rejected the cve entirely.

greg k-h