CVE-2024-50153

scsi: target: core: Fix null-ptr-deref in target_alloc_device()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]
... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0
... entry_SYSCALL_64_after_hwframe+0x76/0x7e In target_alloc_device(), if allocing memory for dev queues fails, then
dev will be freed by dev->transport->free_device(), but dev->transport
is not initialized at that time, which will lead to a null pointer
reference problem. Fixing this bug by freeing dev with hba->backend->ops->free_device().

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: target: core: Corregir null-ptr-deref en target_alloc_device() KASAN ha informado de un problema de null-ptr-deref: ERROR: KASAN: null-ptr-deref en target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0 ... entry_SYSCALL_64_after_hwframe+0x76/0x7e En target_alloc_device(), si falla la asignación de memoria para las colas dev, dev se liberará mediante dev->transport->free_device(), pero dev->transport no se inicializa en ese momento, lo que generará un problema de referencia de puntero nulo. Se soluciona este error liberando dev con hba->backend->ops->free_device().

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0 ... entry_SYSCALL_64_after_hwframe+0x76/0x7e In target_alloc_device(), if allocing memory for dev queues fails, then dev will be freed by dev->transport->free_device(), but dev->transport is not initialized at that time, which will lead to a null pointer reference problem. Fixing this bug by freeing dev with hba->backend->ops->free_device().

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-07 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/008b936bbde3e87a611b3828a0d5d2a4f99026a0	Vuln. Introduced
https://git.kernel.org/stable/c/1526d9f10c6184031e42afad0adbdde1213e8ad1	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8c1e6717f60d31f8af3937c23c4f1498529584e1	2024-11-08
https://git.kernel.org/stable/c/39e02fa90323243187c91bb3e8f2f5f6a9aacfc7	2024-11-01
https://git.kernel.org/stable/c/895ab729425ef9bf3b6d2f8d0853abe64896f314	2024-11-01
https://git.kernel.org/stable/c/b80e9bc85bd9af378e7eac83e15dd129557bbdb6	2024-11-01
https://git.kernel.org/stable/c/14a6a2adb440e4ae97bee73b2360946bd033dadd	2024-11-01
https://git.kernel.org/stable/c/fca6caeb4a61d240f031914413fcc69534f6dc03	2024-10-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.180 < 5.10.229 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.180 < 5.10.229"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15.170 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.170"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.1.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.1.115"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.6.59 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.6.59"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.11.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.11.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.12"		en		Affected