Linux Kernel SCSI QLA4XXX Error Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI QLA4XXX driver can lead to an error pointer dereference. The 'qla4xxx_get_ep_fwdb()' function is intended to return NULL on error. However, the 'qla4xxx_ep_connect()' function returns error pointers instead. Because of this discrepancy the error pointers are propagated to the caller, where they can cause a kernel 'Oops' error. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a kernel 'Oops' error, indicating a serious issue that can disrupt system operations and potentially lead to a denial of service.

Reproduction

The vulnerability can be reproduced by invoking the 'qla4xxx_get_ep_fwdb()' function in the SCSI QLA4XXX driver. When an error occurs, instead of returning NULL, the function 'qla4xxx_ep_connect()' will return an error pointer. This error pointer, if not properly handled, will lead to a kernel 'Oops' error in the caller, demonstrating the pointer dereference vulnerability.
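The return-convention mismatch described above, as a user-space C model added here for illustration (not the driver's code): the `model_*` functions, `struct endpoint` and the local `ERR_PTR`/`IS_ERR` helpers are stand-ins, and the model assumes the lookup function hands its caller whatever the connect step returned. It compares a pass-through wrapper with one that converts error pointers to NULL, which is the convention callers expect.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-ins for the kernel's ERR_PTR()/IS_ERR() helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static inline int IS_ERR(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct endpoint { int id; };            /* hypothetical stand-in type */
static struct endpoint good_ep = { 7 }; /* constructed sample object */

/* Models the connect step: error pointer on failure, never NULL. */
static struct endpoint *model_ep_connect(int fail)
{
    return fail ? ERR_PTR(-ENOMEM) : &good_ep;
}

/* Mismatched wrapper: callers expect NULL, the error pointer passes through. */
static struct endpoint *model_get_ep_passthrough(int fail)
{
    return model_ep_connect(fail);
}

/* Normalizing wrapper: any error pointer becomes NULL for the caller. */
static struct endpoint *model_get_ep_checked(int fail)
{
    struct endpoint *ep = model_ep_connect(fail);
    return IS_ERR(ep) ? NULL : ep;
}

/* A caller that tests only for NULL. Returns 1 when that test would let an
 * error pointer through to a dereference; nothing is dereferenced here. */
static int null_check_misses_error(const struct endpoint *ep)
{
    if (!ep)
        return 0;       /* the caller's only check */
    return IS_ERR(ep);  /* non-NULL but not a valid object */
}

int main(void)
{
    printf("passthrough: %d\n", null_check_misses_error(model_get_ep_passthrough(1)));
    printf("checked:     %d\n", null_check_misses_error(model_get_ep_checked(1)));
    return 0;
}
```

A value such as `ERR_PTR(-ENOMEM)` is a non-NULL address in the last page of the address space, so a plain NULL test accepts it and the fault only appears at the first field access.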

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.

Added: Sep 5, 2025, 8:09 PM
Updated: Sep 5, 2025, 8:09 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.