CVE-2024-42289: Vulnerability in Linux Linux

High
Published: Sat Aug 17 2024 (08/17/2024, 09:08:59 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: During vport delete send async logout explicitly

During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting.

    BUG: kernel NULL pointer dereference, address: 000000000000001c
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP NOPTI
    Workqueue: qla2xxx_wq qla_do_work [qla2xxx]
    RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0
    RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046
    RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001
    RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0
    RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8
    R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000
    R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000
    FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0
    Call Trace:
    <TASK>
    qla2xxx_qpair_sp_free_dma+0x417/0x4e0
    ? qla2xxx_qpair_sp_compl+0x10d/0x1a0
    ? qla2x00_status_entry+0x768/0x2830
    ? newidle_balance+0x2f0/0x430
    ? dequeue_entity+0x100/0x3c0
    ? qla24xx_process_response_queue+0x6a1/0x19e0
    ? __schedule+0x2d5/0x1140
    ? qla_do_work+0x47/0x60
    ? process_one_work+0x267/0x440
    ? process_one_work+0x440/0x440
    ? worker_thread+0x2d/0x3d0
    ? process_one_work+0x440/0x440
    ? kthread+0x156/0x180
    ? set_kthread_struct+0x50/0x50
    ? ret_from_fork+0x22/0x30
    </TASK>

Send out async logout explicitly for all the ports during vport delete.

AI-Powered Analysis

Last updated: 06/29/2025, 06:54:59 UTC

Technical Analysis

CVE-2024-42289 is a vulnerability identified in the Linux kernel's SCSI subsystem, specifically within the qla2xxx driver, which manages QLogic Fibre Channel Host Bus Adapters (HBAs). The flaw occurs during the deletion of virtual ports (vports), where the driver fails to properly handle outstanding I/O commands. During the vport deletion process, stale entries remain in the outstanding command array. Although error handling routines (eh_abort) are triggered to abort these I/Os, they do not complete successfully while the vport is being deleted. This leads to a kernel NULL pointer dereference, causing a crash (kernel oops) due to an attempt to access an invalid memory address (0x1c). The crash is triggered in the dma_direct_unmap_sg function, which is responsible for unmapping scatter-gather lists used in DMA operations. The stack trace indicates that the issue arises when freeing DMA resources associated with the qla2xxx driver.

The root cause is the lack of an explicit asynchronous logout command sent to all ports during vport deletion, which would otherwise ensure proper cleanup of outstanding I/O operations. This vulnerability results in a denial of service (DoS) condition by crashing the kernel, potentially leading to system instability or reboot. Since the qla2xxx driver is widely used in enterprise storage environments, particularly in SAN (Storage Area Network) configurations, this flaw can affect systems relying on Fibre Channel storage connectivity.

No known exploits are reported in the wild at this time, and no CVSS score has been assigned yet. The fix involves explicitly sending asynchronous logout commands during vport deletion to ensure all I/O commands are properly completed or aborted before resource cleanup.

Potential Impact

For European organizations, the impact of CVE-2024-42289 can be significant, especially for enterprises and data centers relying on Linux servers with QLogic Fibre Channel HBAs for critical storage infrastructure. The vulnerability can cause kernel crashes leading to denial of service, which may disrupt access to storage resources, halt business-critical applications, and cause data unavailability. This is particularly impactful in sectors such as finance, telecommunications, healthcare, and manufacturing, where high availability and data integrity are paramount. The DoS condition could also complicate incident response and recovery efforts. Although this vulnerability does not directly lead to privilege escalation or data leakage, the resulting system instability and potential downtime can have severe operational and financial consequences. Additionally, organizations with large-scale virtualized environments using vports for multi-tenancy or storage segmentation may experience broader disruption. The lack of known exploits reduces immediate risk, but the widespread use of affected drivers means that timely patching is essential to prevent future exploitation attempts.

Mitigation Recommendations

To mitigate CVE-2024-42289, European organizations should:

1) Identify Linux systems using the qla2xxx driver, particularly those with QLogic Fibre Channel HBAs in SAN environments.
2) Apply the latest Linux kernel patches or updates that include the fix for this vulnerability, ensuring the asynchronous logout during vport deletion is implemented.
3) In environments where immediate patching is not feasible, consider temporarily disabling vport deletion operations or limiting administrative actions that trigger vport deletions to reduce exposure.
4) Monitor system logs for kernel oops or crashes related to the qla2xxx driver and investigate any abnormal storage or I/O errors.
5) Implement robust backup and disaster recovery plans to minimize impact from potential DoS incidents.
6) Coordinate with storage and hardware vendors to confirm compatibility and support for patched drivers.
7) For virtualized or containerized environments, validate that orchestration tools handle vport lifecycle events safely post-patch.

These steps go beyond generic advice by focusing on the specific driver and operational context of the vulnerability.
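
Steps 1 and 4 as shell helpers, added here as an example (not code from the advisory or the kernel project): `qla2xxx_loaded` checks sysfs for the loaded module, and `count_qla_vport_oops` scans kernel log text for the crash signature quoted in the description. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for CVE-2024-42289. Function names are illustrative.

# Step 1: succeed if the qla2xxx module is loaded. The sysfs root is a
# parameter (default /sys) so the check can be pointed at a test tree.
qla2xxx_loaded() {
    [ -d "${1:-/sys}/module/qla2xxx" ]
}

# Step 4: read kernel log text on stdin and print how many oops blocks match
# the crash signature quoted in the advisory: a NULL pointer dereference with
# RIP in dma_direct_unmap_sg and qla2xxx_qpair_sp_free_dma in the call trace.
count_qla_vport_oops() {
    awk '
        /BUG: kernel NULL pointer dereference/ { in_oops = 1; rip = 0; free_dma = 0 }
        in_oops && /RIP: .*dma_direct_unmap_sg/ { rip = 1 }
        in_oops && /qla2xxx_qpair_sp_free_dma/  { free_dma = 1 }
        in_oops && /<\/TASK>/ { if (rip && free_dma) hits++; in_oops = 0 }
        # A log cut off mid-trace has no </TASK>; still count it.
        END { if (in_oops && rip && free_dma) hits++; print hits + 0 }
    '
}

# Constructed sample: trace lines taken from the advisory, plus an unrelated
# oops (example_fn is made up) that must not be counted.
sample_log() {
    cat <<'EOF'
[  101.000001] scsi host7: constructed sample line
[  101.000002] BUG: kernel NULL pointer dereference, address: 000000000000001c
[  101.000003] Workqueue: qla2xxx_wq qla_do_work [qla2xxx]
[  101.000004] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0
[  101.000005] Call Trace:
[  101.000006]  <TASK>
[  101.000007]  qla2xxx_qpair_sp_free_dma+0x417/0x4e0
[  101.000008]  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0
[  101.000009]  </TASK>
[  202.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  202.000002] RIP: 0010:example_fn+0x10/0x40
[  202.000003]  <TASK>
[  202.000004]  </TASK>
EOF
}

if qla2xxx_loaded; then echo "qla2xxx is loaded"; else echo "qla2xxx not loaded"; fi
echo "matching oops blocks in sample: $(sample_log | count_qla_vport_oops)"
```

On a live host, pipe the kernel log into the counter, for example `journalctl -k | count_qla_vport_oops` or `dmesg | count_qla_vport_oops`.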

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-30T07:40:12.267Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9828c4522896dcbe1e26

Added to database: 5/21/2025, 9:08:56 AM

Last enriched: 6/29/2025, 6:54:59 AM

Last updated: 8/1/2025, 5:40:26 AM
