{"id":"CVE-2024-53227","summary":"scsi: bfa: Fix use-after-free in bfad_im_module_exit()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Fix use-after-free in bfad_im_module_exit()\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20\nRead of size 8 at addr ffff8881082d80c8 by task modprobe/25303\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x95/0xe0\n print_report+0xcb/0x620\n kasan_report+0xbd/0xf0\n __lock_acquire+0x2aca/0x3a20\n lock_acquire+0x19b/0x520\n _raw_spin_lock+0x2b/0x40\n attribute_container_unregister+0x30/0x160\n fc_release_transport+0x19/0x90 [scsi_transport_fc]\n bfad_im_module_exit+0x23/0x60 [bfa]\n bfad_init+0xdb/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nAllocated by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]\n bfad_im_module_init+0x17/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x38/0x50\n kfree+0x212/0x480\n bfad_im_module_init+0x7e/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAbove issue happens as follows:\n\nbfad_init\n  error = bfad_im_module_init()\n    fc_release_transport(bfad_im_scsi_transport_template);\n  if (error)\n    goto ext;\n\next:\n  bfad_im_module_exit();\n    fc_release_transport(bfad_im_scsi_transport_template);\n    --\u003e Trigger double release\n\nDon't call bfad_im_module_exit() if bfad_im_module_init() failed.","modified":"2026-03-20T12:40:50.168119Z","published":"2024-12-27T13:50:16.175Z","related":["SUSE-SU-2025:0289-1","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0556-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:0565-1","SUSE-SU-2025:0577-1","SUSE-SU-2025:0577-2","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7276-1","USN-7277-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53227.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0ceac8012d3ddea3317f0d82934293d05feb8af1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/178b8f38932d635e90f5f0e9af1986c6f4a89271"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1ffdde30a90bf8efe8f270407f486706962b3292"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3932c753f805a02e9364a4c58b590f21901f8490"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8f5a97443b547b4c83f876f1d6a11df0f1fd4efb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2b5035ab0e368e8d8a371e27fbc72f133c0bd40"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c28409f851abd93b37969cac7498828ad533afd9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e76181a5be90abcc3ed8a300bd13878aa214d022"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ef2c2580189ea88a0dcaf56eb3a565763a900edb"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53227.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53227"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7725ccfda59715ecf8f99e3b520a0b84cc2ea79e"},{"fixed":"0ceac8012d3ddea3317f0d82934293d05feb8af1"},{"fixed":"3932c753f805a02e9364a4c58b590f21901f8490"},{"fixed":"ef2c2580189ea88a0dcaf56eb3a565763a900edb"},{"fixed":"e76181a5be90abcc3ed8a300bd13878aa214d022"},{"fixed":"8f5a97443b547b4c83f876f1d6a11df0f1fd4efb"},{"fixed":"c28409f851abd93b37969cac7498828ad533afd9"},{"fixed":"1ffdde30a90bf8efe8f270407f486706962b3292"},{"fixed":"a2b5035ab0e368e8d8a371e27fbc72f133c0bd40"},{"fixed":"178b8f38932d635e90f5f0e9af1986c6f4a89271"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53227.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}