Huawei EulerOS: CVE-2021-47203: kernel security update

Huawei EulerOS: CVE-2021-47203: kernel security update

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

04/10/2024

Created

07/23/2024

Added

07/23/2024

Modified

10/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" string is set and a log message output.The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since "fail_msg" remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter.If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure.

Solution(s)

• huawei-euleros-2_0_sp8-upgrade-bpftool
• huawei-euleros-2_0_sp8-upgrade-kernel
• huawei-euleros-2_0_sp8-upgrade-kernel-devel
• huawei-euleros-2_0_sp8-upgrade-kernel-headers
• huawei-euleros-2_0_sp8-upgrade-kernel-tools
• huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs
• huawei-euleros-2_0_sp8-upgrade-perf
• huawei-euleros-2_0_sp8-upgrade-python-perf
• huawei-euleros-2_0_sp8-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2021-47203
• CVE - 2021-47203
• EulerOS-SA-2024-2476