CVE-2024-35954
scsi: sg: Avoid sg device teardown race
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling
scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which
will already be set to NULL when the preceding call to scsi_device_put()
removed the last reference to the parent scsi_device. The resulting NULL pointer exception will then crash the kernel.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: sg: Evite la ejecución de desmontaje del dispositivo sg sg_remove_sfp_usercontext() no debe usar sg_device_destroy() después de llamar a scsi_device_put(). sg_device_destroy() está accediendo al scsi_device principal request_queue que ya estará configurado en NULL cuando la llamada anterior a scsi_device_put() eliminó la última referencia al scsi_device principal. La excepción de puntero NULL resultante bloqueará el kernel.
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. The resulting NULL pointer exception will then crash the kernel.
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-17 CVE Reserved
- 2024-05-20 CVE Published
- 2025-05-04 CVE Updated
- 2025-06-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/db59133e927916d8a25ee1fd8264f2808040909d | Vuln. Introduced | |
| https://git.kernel.org/stable/c/4cc664e59bf2553771e4c9e90f758f7434cfdc22 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-35954 | 2024-11-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2281933 | 2024-11-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.6.28 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.6.28" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.8.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.8.7" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.4.7 Search vendor "Linux" for product "Linux Kernel" and version "6.4.7" | en |
Affected
| ||||||