Linux Kernel SCSI QLA2XXX Double Free Vulnerability in FC Port Management

Vulnerability

A vulnerability in the Linux kernel's SCSI QLA2XXX driver (the driver for QLogic Fibre Channel host bus adapters) has been fixed. It concerns the handling of Fibre Channel (FC) port references in the function qla24xx_els_dcmd_iocb(). That function sets the request's release callback to a routine that frees the FC port object. When the request cannot be issued, the error path invokes that callback and then releases the FC port a second time, so the same object is freed twice. The root cause is that ownership of the port is not tracked through its reference count: two cleanup paths each act as if they held the last reference, and nothing prevents both from freeing the object. Freeing the same slab object twice corrupts kernel heap metadata.
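The pattern described above, reduced to a small user-space model, as an added example that is not code from the kernel or the qla2xxx driver. A constructed tracking allocator counts a second free of the same pointer instead of corrupting the heap, so the buggy and hardened variants can be compared directly. All names (fcport, srb, els_cmd_buggy, els_cmd_fixed, sp_free_frees_port, sp_free_puts_port) are assumptions chosen for illustration, and the refcount field stands in for the kernel's kref.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed tracking allocator (not kernel code): records live objects so a
 * second free of the same pointer is counted instead of corrupting the heap. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int double_free_count;

static void *tracked_alloc(size_t n)
{
    void *p = calloc(1, n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);
    return NULL;
}

static void tracked_free(void *p)
{
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_free_count++;  /* in the kernel: slab corruption, then a crash */
}

static int live_count(void)  /* objects never freed, to show the fix does not leak */
{
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += live[i] != NULL;
    return n;
}

/* Simplified stand-ins for the driver's objects; all names are assumptions. */
struct fcport { int refcount; };                                   /* refcount models kref */
struct srb { struct fcport *fcport; void (*free)(struct srb *); }; /* free: teardown callback */

static struct fcport *fcport_alloc(void)
{
    struct fcport *f = tracked_alloc(sizeof *f);
    if (f) f->refcount = 1;
    return f;
}
static void fcport_get(struct fcport *f) { f->refcount++; }
static void fcport_put(struct fcport *f) { if (--f->refcount == 0) tracked_free(f); }

/* Vulnerable shape, as the advisory describes it: the callback frees the port
 * outright, and the error path frees it again because it still believes it owns it. */
static void sp_free_frees_port(struct srb *sp)
{
    tracked_free(sp->fcport);
    tracked_free(sp);
}

static int els_cmd_buggy(struct fcport *fcport, int issue_fails)
{
    struct srb *sp = tracked_alloc(sizeof *sp);
    if (!sp) return -1;
    sp->fcport = fcport;
    sp->free = sp_free_frees_port;
    if (issue_fails) {
        sp->free(sp);          /* frees fcport once ... */
        tracked_free(fcport);  /* ... and the caller frees it again */
        return -1;
    }
    sp->free(sp);  /* completion: freed once, the caller does nothing more */
    return 0;
}

/* Hardened shape: the request takes its own reference, the callback drops only that
 * reference, and the caller drops only its own, so the port is freed exactly once. */
static void sp_free_puts_port(struct srb *sp)
{
    fcport_put(sp->fcport);
    tracked_free(sp);
}

static int els_cmd_fixed(struct fcport *fcport, int issue_fails)
{
    struct srb *sp = tracked_alloc(sizeof *sp);
    if (!sp) return -1;
    fcport_get(fcport);  /* reference owned by the request */
    sp->fcport = fcport;
    sp->free = sp_free_puts_port;
    sp->free(sp);        /* error and completion tear the request down the same way */
    return issue_fails ? -1 : 0;
}

/* Drive the error path of each variant; return the number of double frees seen. */
static int run_buggy(void)
{
    double_free_count = 0;
    els_cmd_buggy(fcport_alloc(), 1);
    return double_free_count;
}

static int run_fixed(void)
{
    double_free_count = 0;
    struct fcport *f = fcport_alloc();
    els_cmd_fixed(f, 1);
    fcport_put(f);  /* the caller's own reference: the one and only free */
    return double_free_count;
}
```

run_buggy() reports one double free on the error path, run_fixed() reports none, and live_count() is zero after both, so the reference-counted variant neither double frees nor leaks. The invariant the model demonstrates is the one the kernel's kref API enforces when used consistently: every owner takes its own reference and releases only that reference, so no cleanup path needs to know what another path already did.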

Impact

A double free of a kernel slab object corrupts allocator metadata, and the result is undefined behavior in the kernel. The most likely observable outcome is a kernel panic on a host with a QLogic FC adapter, i.e. a denial of service; turning a kernel double free into arbitrary code execution additionally requires control over the timing of the faulty error path and over what gets allocated in the freed slot in between, which is considerably harder. The error path is reached when the FC command cannot be issued, so the trigger depends on adapter and fabric state rather than on direct input from an unprivileged local user or a network peer.

Remediation

Upgrade to a kernel release that contains the fix; the fix has been applied to the mainline kernel and is carried into the supported stable branches, so distribution kernels pick it up through their normal security updates. Only hosts that actually load the qla2xxx driver are exposed: running lsmod and looking for the qla2xxx module tells you whether a given host has a QLogic FC adapter in use. Instructions for building or upgrading the Linux kernel can be found in the official Linux kernel documentation.

Added: May 8, 2026, 8:46 PM
Updated: May 8, 2026, 8:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 7.8
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.