Linux Kernel SCSI lpfc Resource Leak Vulnerability

Vulnerability

A resource leak vulnerability has been identified in the Linux kernel's SCSI lpfc driver. When the lpfc_complete_unsol_iocb() function receives a frame with an unhandled type, the frame is discarded, leading to a leak of resources. The vulnerability arises because the function fails to properly return resources before dropping the frame. Additionally, the handling of NOP basic link service in the lpfc_fc_frame_check() function requires an update.

Impact

Exploitation of this vulnerability leads to a resource leak, where resources are not properly returned after an unhandled frame type is discarded. This can potentially cause memory exhaustion or other resource-related issues.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI lpfc Resource Leak Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating