Linux Kernel SCSI FNIC Double Free Vulnerability Leading to Crash

Vulnerability

A vulnerability in the Linux kernel's SCSI FNIC driver can cause a system crash due to improper handling of FDMI (Fabric Device Management Interface) requests. When both the RHBA (Register HBA) and RPA (Register Port Attributes) FDMI requests time out, the driver reuses a single frame to send an ABTS (abort sequence) for each request. Because both abort paths release the same frame, the driver attempts to free it twice, which crashes the system. The vulnerability has been addressed by allocating separate frames for the RHBA and RPA requests and modifying the ABTS logic accordingly.

Impact

The vulnerability can lead to a system crash by causing a double free error in the SCSI FNIC driver.

Reproduction

The vulnerability can be reproduced by using an instrumented SCSI FNIC driver to drop various combinations of FDMI response messages, including the PLOGI, RHBA, and RPA responses. Dropping these responses simulates the timeouts that trigger the frame reuse, so the driver attempts to free the same frame more than once and crashes.
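The following is an added illustration of the double-free pattern described in the Vulnerability and Reproduction sections above, built on a tiny in-memory model rather than the fnic driver's own code. The frame pool, the request structure, the `REQ_RHBA`/`REQ_RPA` timeout mask and every function name are assumptions made for the example. Instead of calling a real allocator, the model tracks frame ownership with a flag so that a second release is counted rather than corrupting the heap; `run_shared_frame` reproduces the vulnerable shape (one frame shared by both requests) and `run_separate_frames` the corrected one, for whichever combination of requests is made to time out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added illustration, not the fnic driver's code: frame pool, request
 * structure, timeout mask and function names are assumptions. */

#define POOL_SIZE 4
#define REQ_RHBA  0x1u   /* constructed bitmask bit: the RHBA request timed out */
#define REQ_RPA   0x2u   /* constructed bitmask bit: the RPA request timed out */

/* A frame buffer with an explicit ownership flag, so a second release is
 * detected and counted instead of crashing the way a double kfree() would. */
struct frame {
    bool in_use;
    char payload[64];
};

struct fdmi_req {
    const char   *name;
    struct frame *frame;     /* frame the request, and later its ABTS, is sent in */
    bool          timed_out;
};

static struct frame pool[POOL_SIZE];
static int double_free_count;

static struct frame *frame_get(void)
{
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = true;
            return &pool[i];
        }
    }
    return NULL;
}

/* Release a frame; returns false and records the event if it was already released. */
static bool frame_put(struct frame *f)
{
    if (f == NULL || !f->in_use) {
        double_free_count++;
        return false;
    }
    f->in_use = false;
    return true;
}

/* Timeout handler: reuse the request's frame to carry the ABTS, then release it.
 * This is only safe when each request owns its own frame. */
static void abort_on_timeout(struct fdmi_req *req)
{
    if (!req->timed_out)
        return;
    snprintf(req->frame->payload, sizeof req->frame->payload, "ABTS for %s", req->name);
    frame_put(req->frame);
    req->frame = NULL;   /* drop this request's reference so it cannot release twice */
}

static void reset_model(void)
{
    for (int i = 0; i < POOL_SIZE; i++)
        pool[i].in_use = false;
    double_free_count = 0;
}

/* Vulnerable shape: RHBA and RPA share one frame. Returns the number of
 * double frees observed for the given set of timed-out requests. */
int run_shared_frame(unsigned timed_out_mask)
{
    reset_model();
    struct frame *shared = frame_get();
    struct fdmi_req rhba = { "RHBA", shared, (timed_out_mask & REQ_RHBA) != 0 };
    struct fdmi_req rpa  = { "RPA",  shared, (timed_out_mask & REQ_RPA)  != 0 };
    abort_on_timeout(&rhba);
    abort_on_timeout(&rpa);   /* rpa.frame still points at the frame rhba released */
    return double_free_count;
}

/* Corrected shape: each request gets its own frame, mirroring the fix. */
int run_separate_frames(unsigned timed_out_mask)
{
    reset_model();
    struct fdmi_req rhba = { "RHBA", frame_get(), (timed_out_mask & REQ_RHBA) != 0 };
    struct fdmi_req rpa  = { "RPA",  frame_get(), (timed_out_mask & REQ_RPA)  != 0 };
    abort_on_timeout(&rhba);
    abort_on_timeout(&rpa);
    return double_free_count;
}

int main(void)
{
    printf("shared frame, both time out:    %d double free(s)\n", run_shared_frame(REQ_RHBA | REQ_RPA));
    printf("shared frame, only RHBA:        %d double free(s)\n", run_shared_frame(REQ_RHBA));
    printf("separate frames, both time out: %d double free(s)\n", run_separate_frames(REQ_RHBA | REQ_RPA));
    return 0;
}
```

The model makes the trigger condition visible: with a shared frame, a single timeout is harmless and only the combination of both timeouts produces the second release, which is exactly the case the page describes. The fix has two parts that are worth keeping together in real code as well: separate ownership per request, and clearing the owner's pointer once the frame has been released.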

Added: Jul 9, 2025, 12:09 PM
Updated: Jul 9, 2025, 12:09 PM

Vulnerability Rating

Custom Algorithm
spread          9.0
impact          2.5
exploitability  5.7
remediation     0.0
relevance       0.2
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.