First published: Thu Nov 07 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0 ... entry_SYSCALL_64_after_hwframe+0x76/0x7e In target_alloc_device(), if allocing memory for dev queues fails, then dev will be freed by dev->transport->free_device(), but dev->transport is not initialized at that time, which will lead to a null pointer reference problem. Fixing this bug by freeing dev with hba->backend->ops->free_device().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | >=5.11<5.15.170 | |
Linux Kernel | >=5.16<6.1.115 | |
Linux Kernel | >=6.2<6.6.59 | |
Linux Kernel | >=6.7<6.11.6 | |
Linux Kernel | =5.10.180 | |
Linux Kernel | =6.12-rc1 | |
Linux Kernel | =6.12-rc2 | |
Linux Kernel | =6.12-rc3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-50153 has been classified as a medium-severity vulnerability due to its potential impact on system stability.
To address CVE-2024-50153, update your Linux kernel to a version that resolves the null pointer dereference issue.
CVE-2024-50153 affects Linux kernel versions from 5.10.180 up to 6.12-rc3, among others within specific version ranges.
CVE-2024-50153 is associated with a null pointer dereference vulnerability in the Linux kernel.
CVE-2024-50153 may lead to denial-of-service conditions, but its exploitability in a remote context depends on the system configuration.