Primary

Context

Linux Kernel SCSI LPFC NPIV PLOGI_RJT Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's SCSI LPFC driver, specifically related to NPIV ports handling PLOGI_RJT responses. The issue arises in the functions lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject(), where memory allocated for PLOGI_RJT responses is not properly freed. This vulnerability can lead to resource exhaustion over time as leaked memory is not returned to the system.

Impact

Exploitation of this vulnerability can cause a memory leak, leading to increased memory usage and potential resource exhaustion.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel SCSI LPFC NPIV PLOGI_RJT Memory Leak Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating