Linux Kernel NULL Pointer Dereference Vulnerability in QLogic Fibre Channel Driver
Vulnerability
A potential NULL pointer dereference vulnerability has been identified in the Linux kernel's QLogic Fibre Channel driver (qla2xxx) within the SCSI subsystem. This issue affects the stable versions of the Linux kernel. The vulnerability arises because the 'cur_dsd' pointer may be dereferenced without proper validation, as reported by the Klocwork static analysis tool. This could lead to undefined behavior or a system crash.
Impact
Triggering the NULL pointer dereference could cause a system crash or undefined behavior.
Reproduction
The vulnerability can be reproduced by triggering a SCSI command that is processed by the QLogic Fibre Channel driver. The specific conditions that lead to the NULL pointer dereference involve scenarios where the 'cur_dsd' pointer is not properly validated before being dereferenced. This can occur when the driver processes SCSI commands with certain data transfer characteristics, particularly when the command does not include data or when the data direction is not specified.
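The unchecked-pointer pattern described above, shown as an added example: this is a simplified C model, not the qla2xxx driver's code. Every type and function name other than cur_dsd is an assumption made for illustration, and the sample segment is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins (assumptions), not the qla2xxx structures. */
enum data_dir { DIR_NONE, DIR_TO_DEVICE, DIR_FROM_DEVICE };
struct dsd { uint64_t addr; uint32_t len; };
#define MAX_DSD 4
struct cmd_pkt { struct dsd out_dsd[MAX_DSD], in_dsd[MAX_DSD]; };

/* cur_dsd is only assigned for a known direction; otherwise it stays NULL. */
static struct dsd *select_dsd(struct cmd_pkt *pkt, enum data_dir dir)
{
    switch (dir) {
    case DIR_TO_DEVICE:   return pkt->out_dsd;
    case DIR_FROM_DEVICE: return pkt->in_dsd;
    default:              return NULL;   /* no data / direction not set */
    }
}

/* Unchecked pattern: writes through cur_dsd without validating it. */
int build_dsds_unchecked(struct cmd_pkt *pkt, enum data_dir dir,
                         const struct dsd *segs, size_t nsegs)
{
    struct dsd *cur_dsd = select_dsd(pkt, dir);
    for (size_t i = 0; i < nsegs; i++)
        cur_dsd[i] = segs[i];            /* NULL dereference if dir is unset */
    return (int)nsegs;
}

/* Checked pattern: reject the command instead of writing through NULL. */
int build_dsds_checked(struct cmd_pkt *pkt, enum data_dir dir,
                       const struct dsd *segs, size_t nsegs)
{
    struct dsd *cur_dsd = select_dsd(pkt, dir);
    if (nsegs == 0)
        return 0;                        /* nothing to map */
    if (!cur_dsd || !segs || nsegs > MAX_DSD)
        return -1;                       /* caller fails the command */
    for (size_t i = 0; i < nsegs; i++)
        cur_dsd[i] = segs[i];
    return (int)nsegs;
}

int main(void)
{
    struct cmd_pkt pkt = {0};
    struct dsd s = { 0x1000, 512 };      /* constructed sample segment */
    return build_dsds_checked(&pkt, DIR_NONE, &s, 1) == -1 ? 0 : 1;
}
```

The checked variant returns an error for a command with no valid data direction, so the caller can fail that one command rather than crash the host.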
Remediation
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The official Linux kernel Git repository includes the necessary patches.
