{
  "threat_severity" : "Moderate",
  "public_date" : "2024-04-10T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()",
    "id" : "2274634",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2274634"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nscsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\nWhen parsing the txq list in lpfc_drain_txq(), the driver attempts to pass\nthe requests to the adapter. If such an attempt fails, a local \"fail_msg\"\nstring is set and a log message output.  The job is then added to a\ncompletions list for cancellation.\nProcessing of any further jobs from the txq list continues, but since\n\"fail_msg\" remains set, jobs are added to the completions list regardless\nof whether a wqe was passed to the adapter.  If successfully added to\ntxcmplq, jobs are added to both lists resulting in list corruption.\nFix by clearing the fail_msg string after adding a job to the completions\nlist. This stops the subsequent jobs from being added to the completions\nlist unless they had an appropriate failure.", "A vulnerability was found in the Linux kernel while parsing the txq list in the lpfc_drain_txq() function. Due to improper handling of a local fail message string which is set when a job fails and is never unset for subsequent jobs, this issue can lead to list corruption as jobs may be added to both the txq and the completions list. This could result in system instability or inconsistencies." ],
  "statement" : "This issue is fixed in RHEL-8.6 and above (including 8.10):\n~~~\nin (rhel-8.6, rhel-8.7, rhel-8.8, rhel-8.9, rhel-8.10) scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\n~~~",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1988",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-372.9.1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-47203\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47203\nhttps://lore.kernel.org/linux-cve-announce/2024041037-CVE-2021-47203-ff72@gregkh/T" ],
  "name" : "CVE-2021-47203",
  "csaw" : false
}