Linux Kernel qla2xxx SCSI Driver Memory Corruption Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI qla2xxx driver can lead to memory corruption. The issue arises in the 'qla2xxx_process_purls_iocb()' function, where an item is allocated from a per-adapter pool for small allocations. This pre-allocated item may be freed with 'kfree()' instead of the correct deallocation function. Calling 'kfree()' here can corrupt memory, especially if the item was sourced from the pre-allocated pool.

Impact

Improper memory management can lead to memory corruption, potentially causing instability or unpredictable behavior in the system.

Reproduction

The vulnerability can be reproduced by triggering the 'qla2xxx_process_purls_iocb()' function in the SCSI qla2xxx driver. This function will allocate an item from a per-adapter pool, which may be pre-allocated. If an error occurs and the item is freed using 'kfree()', the vulnerability is triggered, as this incorrectly deallocates the pre-allocated item, leading to memory corruption.
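The allocation pattern described above, modelled in userspace C as an added example (not the driver's code or the upstream patch): an allocator that may hand out a pre-allocated slot has to be paired with a release routine that recognises that slot. All names ('item_alloc', 'item_free', 'process_packet', 'POOL_ITEM_MAX') are hypothetical, and calloc()/free() stand in for the kernel heap allocator.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Userspace model; every name here is illustrative, not the driver's. */
#define POOL_ITEM_MAX 64

struct item { unsigned char data[POOL_ITEM_MAX]; };

struct adapter {
    struct item pool_item;  /* pre-allocated slot embedded in the adapter */
    bool pool_in_use;
};

/* Small requests get the embedded slot; anything else comes from the heap. */
struct item *item_alloc(struct adapter *a, size_t size)
{
    if (size <= POOL_ITEM_MAX && !a->pool_in_use) {
        a->pool_in_use = true;
        return &a->pool_item;
    }
    return calloc(1, size > POOL_ITEM_MAX ? size : sizeof(struct item));
}

/* Matching release; returns true when the item went back to the pool. */
bool item_free(struct adapter *a, struct item *it)
{
    if (it == &a->pool_item) {
        a->pool_in_use = false;  /* not heap memory: must never reach free() */
        return true;
    }
    free(it);
    return false;
}

/* Handler with an error path, the place where the mismatch tends to hide. */
int process_packet(struct adapter *a, size_t size, bool fail)
{
    struct item *it = item_alloc(a, size);

    if (!it)
        return -1;
    if (fail) {
        item_free(a, it);  /* free(it) here is the bug if it is the pool slot */
        return -2;
    }
    /* ... normal processing would consume the item here ... */
    item_free(a, it);
    return 0;
}
```

The caller cannot tell from the pointer alone which path the allocator took, so every release, including error paths, goes through the paired routine.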

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 24, 2025, 1:49 PM
Updated: Dec 24, 2025, 1:49 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 1.3
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.