Linux Kernel NULL Pointer Dereference Vulnerability in QLogic Fibre Channel Driver

A vulnerability allowing a NULL pointer dereference has been identified in the QLogic Fibre Channel driver (qla2xxx) of the Linux kernel. This issue arises because the function exits when a certain control structure (sa_ctl) is NULL, while a related pointer (fcport) is allocated after the exit, leading to a dereference of the NULL pointer when the function concludes. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can lead to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by invoking the 'qla24xx_issue_sa_replace_iocb' function in the QLogic Fibre Channel driver when the 'sa_ctl' parameter is NULL. This scenario can be triggered by certain Fibre Channel events that do not provide a valid 'sa_ctl' allocation, while still attempting to access the 'fcport' pointer, which leads to the NULL dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.