[PATCH] [PATCH] scsi:bfa: Double-free vulnerability fix

[PATCH] [PATCH] scsi:bfa: Double-free vulnerability fix

[jackysliu]

In the QLogic BR-series Fibre Channel driver (bfad),
there exists a double-free vulnerability.
When the bfad_im_probe() function fails during initialization,
the memory pointed to by bfad->im is freed without
 setting bfad->im to NULL.
Subsequently, during driver uninstallation,
when the state machine enters the bfad_sm_stopping state
and calls the bfad_im_probe_undo() function,
it attempts to free the memory pointed to by bfad->im again,
thereby triggering a double-free vulnerability.

Signed-off-by: jackysliu <1972843537@qq.com>
---
 drivers/scsi/bfa/bfad_im.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/scsi/bfa/bfad_im.c b/drivers/scsi/bfa/bfad_im.c
index a719a18f0fbc..c21210064fbd 100644
--- a/drivers/scsi/bfa/bfad_im.c
+++ b/drivers/scsi/bfa/bfad_im.c
@@ -706,6 +706,7 @@ bfad_im_probe(struct bfad_s *bfad)
 
 	if (bfad_thread_workq(bfad) != BFA_STATUS_OK) {
 		kfree(im);
+		bfad->im = NULL;
 		return BFA_STATUS_FAILED;
 	}
 
-- 
2.43.5

Re: [PATCH] [PATCH] scsi:bfa: Double-free vulnerability fix

[Krzysztof Kozlowski]

On 24/06/2025 13:58, jackysliu wrote:
> In the QLogic BR-series Fibre Channel driver (bfad),
> there exists a double-free vulnerability.
> When the bfad_im_probe() function fails during initialization,
> the memory pointed to by bfad->im is freed without
>  setting bfad->im to NULL.
> Subsequently, during driver uninstallation,
> when the state machine enters the bfad_sm_stopping state
> and calls the bfad_im_probe_undo() function,
> it attempts to free the memory pointed to by bfad->im again,
> thereby triggering a double-free vulnerability.
> 
> Signed-off-by: jackysliu <1972843537@qq.com>
> ---
>  drivers/scsi/bfa/bfad_im.c | 1 +
>  1 file changed, 1 insertion(+)


You should disclose that you used some AI tool for that... and that
other report(s) was really fake finding.  People should know you
generated it with AI, so they could make informed decision whether to
even allocate time here.

Best regards,
Krzysztof

Re: [PATCH] scsi:bfa: Double-free vulnerability fix

[jackysliu]

On Tue, Jul 15 2025 12:45:00 +0200 Krzysztof Kozlowski wrote:
>You should disclose that you used some AI tool for that... and that
>other report(s) was really fake finding.  People should know you
>generated it with AI, so they could make informed decision whether to
>even allocate time here.

Although this problem was detected with the help of ai and static methods,
I checked the trigger path by myself and verified this problem. 
I'll describe the ways of detection if I find other issues in the future.
Anyway, thanks for your review.

Siyang Liu