A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures.

Reference:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4
This was fixed for Fedora with the 5.3.5 stable kernel updates.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1826573]
Mitigation: In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module qla3xxx. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278
Statement: This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (DMA mapping error).
(In reply to Dhananjay Arunesh from comment #0)
> A memory leak in the ql_alloc_large_buffers() function in
> drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel allows local users
> to cause a denial of service (memory consumption) by triggering
> pci_dma_mapping_error() failures.
>
> Reference:
> https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4

ql_alloc_large_buffers() is buggy, but that supposed fix is wrong. It adds a double-free. See upstream commit cad46039e4c99812db067c8ac22a864960e7acc4 "net: qlogic: Fix error paths in ql_alloc_large_buffers()".
The CVE describes a memory leak in an error path during device initialization. I would just WONTFIX that, but... The original fix introduced a more serious problem (double free). The subsequent proper fix (commit cad46039e4c99) corrected not only the double-free, but also two other errors:
- calling dev_kfree_skb() with uninitialized pointers.
- DMA unmapping of memory that wasn't mapped.
These are surely more serious than a memory leak and AFAIK, no CVE has been filed for them. Can the CVE be updated? Should a new CVE be created?
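The error-path pattern the two comments above discuss, as an added example that is not the driver's code or anything posted in this thread: a userspace C model of an allocate-and-map loop where a failure is injected at the point pci_dma_mapping_error() would report one. All names (buf_cb, model_*, balanced_after_init) are assumed stand-ins; the point is the three properties the proper fix restored: cleanup never touches an entry that was not initialized, each skb has exactly one owner so it is freed once, and only mapped entries are unmapped.

```c
/* Added example, not the driver's code: a userspace model of the allocate-and-map
 * loop in ql_alloc_large_buffers() with the error-path fixes the thread lists. */
#include <stdlib.h>
#include <string.h>
#define NBUF 4
struct buf_cb { void *skb; int mapped; };   /* modelled per-buffer control block */
static int allocs, frees, maps, unmaps;     /* ownership counters for the check */
static void *model_alloc_skb(void)         { allocs++; return malloc(64); }
static void  model_free_skb(void *p)       { frees++; free(p); }
static int   model_map(int i, int fail_at) { if (i == fail_at) return -1; maps++; return 0; }
static void  model_unmap(void)             { unmaps++; }

/* Cleanup skips NULL entries (no free of an uninitialized pointer) and unmaps
 * only entries that were actually mapped. */
static void free_large_buffers(struct buf_cb *tbl)
{
    for (int i = 0; i < NBUF; i++) {
        if (!tbl[i].skb) continue;
        if (tbl[i].mapped) model_unmap();
        model_free_skb(tbl[i].skb);
        tbl[i].skb = NULL; tbl[i].mapped = 0;
    }
}

/* fail_map_at injects a pci_dma_mapping_error()-style failure at that index (-1 =
 * none). The whole table is zeroed up front and the skb is handed to the table
 * before mapping, so on failure exactly one owner frees it, exactly once. */
static int alloc_large_buffers(struct buf_cb *tbl, int fail_map_at)
{
    memset(tbl, 0, sizeof(*tbl) * NBUF);
    for (int i = 0; i < NBUF; i++) {
        void *skb = model_alloc_skb();
        if (!skb) { free_large_buffers(tbl); return -1; }
        tbl[i].skb = skb;
        if (model_map(i, fail_map_at) != 0) {
            free_large_buffers(tbl);   /* no separate free of skb here: that was the double free */
            return -1;
        }
        tbl[i].mapped = 1;
    }
    return 0;
}

/* Returns 1 when every alloc was freed exactly once and every map unmapped once. */
int balanced_after_init(int fail_map_at)
{
    struct buf_cb tbl[NBUF];
    allocs = frees = maps = unmaps = 0;
    if (alloc_large_buffers(tbl, fail_map_at) == 0) free_large_buffers(tbl);
    return allocs == frees && maps == unmaps;
}
```

Running balanced_after_init() with the failure injected at index 0, in the middle of the table, and not at all should return 1 in every case; a variant that freed the skb separately before calling the cleanup, or that zeroed only one entry per iteration, would not.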