Linux Kernel ibmvfc Driver Resource Management Vulnerability Leading to Memory Issues and List Corruption

Vulnerability

A vulnerability in the Linux kernel's ibmvfc SCSI driver has been addressed, concerning the management of queue resources. Currently, resources are allocated and freed for each CRQ connection event, such as resets and live partition migrations. This approach creates several problems: it inefficiently reallocates memory that could be reused after sanitization, risks allocation failures under memory pressure, and introduces a race condition where command processing can interfere with an event pool being deleted. The vulnerability can lead to list corruption, as demonstrated by a kernel exception trace.

Impact

The vulnerability can cause memory management inefficiencies, allocation failures under memory pressure, and list corruption due to race conditions in the event pool management.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ibmvfc Driver Resource Management Vulnerability Leading to Memory Issues and List Corruption

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating