7.8
HIGH
CVE-2024-53227
"BFA Linux Kernel SCSI Use-After-Free Vulnerability"
Description

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: <TASK> dump_stack_lvl+0x95/0xe0 print_report+0xcb/0x620 kasan_report+0xbd/0xf0 __lock_acquire+0x2aca/0x3a20 lock_acquire+0x19b/0x520 _raw_spin_lock+0x2b/0x40 attribute_container_unregister+0x30/0x160 fc_release_transport+0x19/0x90 [scsi_transport_fc] bfad_im_module_exit+0x23/0x60 [bfa] bfad_init+0xdb/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> Allocated by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x7f/0x90 fc_attach_transport+0x4f/0x4740 [scsi_transport_fc] bfad_im_module_init+0x17/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x38/0x50 kfree+0x212/0x480 bfad_im_module_init+0x7e/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Above issue happens as follows: bfad_init error = bfad_im_module_init() fc_release_transport(bfad_im_scsi_transport_template); if (error) goto ext; ext: bfad_im_module_exit(); fc_release_transport(bfad_im_scsi_transport_template); --> Trigger double release Don't call bfad_im_module_exit() if bfad_im_module_init() failed.

INFO

Published Date :

Dec. 27, 2024, 2:15 p.m.

Last Modified :

Feb. 11, 2025, 4:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2024-53227 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-53227 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-53227.

URL Resource
https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1 Patch
https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271 Patch
https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292 Patch
https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490 Patch
https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb Patch
https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40 Patch
https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9 Patch
https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022 Patch
https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
cku-heise/euvd-api-doc

None

Updated: 3 days ago
4 stars 1 fork 1 watcher
Born at : April 16, 2025, 1:43 p.m. This repo has been linked 280 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-53227 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-53227 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 11, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-416
  • Initial Analysis by [email protected]

    Jan. 10, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE NIST CWE-416
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.32 up to (excluding) 4.19.325 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.287 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.231 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.174 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.120 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.64 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.11.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.12 up to (excluding) 6.12.2
    Changed Reference Type https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1 No Types Assigned https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1 Patch
    Changed Reference Type https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271 No Types Assigned https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271 Patch
    Changed Reference Type https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292 No Types Assigned https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292 Patch
    Changed Reference Type https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490 No Types Assigned https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490 Patch
    Changed Reference Type https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb No Types Assigned https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb Patch
    Changed Reference Type https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40 No Types Assigned https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40 Patch
    Changed Reference Type https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9 No Types Assigned https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9 Patch
    Changed Reference Type https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022 No Types Assigned https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022 Patch
    Changed Reference Type https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb No Types Assigned https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb Patch
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 27, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: <TASK> dump_stack_lvl+0x95/0xe0 print_report+0xcb/0x620 kasan_report+0xbd/0xf0 __lock_acquire+0x2aca/0x3a20 lock_acquire+0x19b/0x520 _raw_spin_lock+0x2b/0x40 attribute_container_unregister+0x30/0x160 fc_release_transport+0x19/0x90 [scsi_transport_fc] bfad_im_module_exit+0x23/0x60 [bfa] bfad_init+0xdb/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> Allocated by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x7f/0x90 fc_attach_transport+0x4f/0x4740 [scsi_transport_fc] bfad_im_module_init+0x17/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x38/0x50 kfree+0x212/0x480 bfad_im_module_init+0x7e/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Above issue happens as follows: bfad_init error = bfad_im_module_init() fc_release_transport(bfad_im_scsi_transport_template); if (error) goto ext; ext: bfad_im_module_exit(); fc_release_transport(bfad_im_scsi_transport_template); --> Trigger double release Don't call bfad_im_module_exit() if bfad_im_module_init() failed.
    Added Reference https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1
    Added Reference https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271
    Added Reference https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292
    Added Reference https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490
    Added Reference https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb
    Added Reference https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40
    Added Reference https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9
    Added Reference https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022
    Added Reference https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-53227 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-53227 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: Apr. 27, 2025 5:46