In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail.
2025-03-27T17:15:44.417
2025-04-01T15:39:48.477
Analyzed
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSSv3.1: 7.8 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | < 4.14.306 | Yes |
| Operating System | linux | linux_kernel | < 4.19.273 | Yes |
| Operating System | linux | linux_kernel | < 5.4.232 | Yes |
| Operating System | linux | linux_kernel | < 5.10.168 | Yes |
| Operating System | linux | linux_kernel | < 5.15.93 | Yes |
| Operating System | linux | linux_kernel | < 6.1.11 | Yes |
| Operating System | linux | linux_kernel | 6.2 | Yes |
| Operating System | linux | linux_kernel | 6.2 | Yes |
| Operating System | linux | linux_kernel | 6.2 | Yes |
| Operating System | linux | linux_kernel | 6.2 | Yes |
| Operating System | linux | linux_kernel | 6.2 | Yes |