CVE-2024-26760

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: pscsi: Fix bio_put() for error case

As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). That is not done properly for the error case, hitting WARN and NULL pointer dereference in bio_free().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux066ff571011d8416e903d3d4f1f41e0b5eb91e1d < f49b20fd0134da84a6bd8108f9e73c077b7d6231affected
LinuxLinux066ff571011d8416e903d3d4f1f41e0b5eb91e1d < 4ebc079f0c7dcda1270843ab0f38ab4edb8f7921affected
LinuxLinux066ff571011d8416e903d3d4f1f41e0b5eb91e1d < 1cfe9489fb563e9a0c9cdc5ca68257a44428c2ecaffected
LinuxLinux066ff571011d8416e903d3d4f1f41e0b5eb91e1d < de959094eb2197636f7c803af0943cb9d3b35804affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.80 <= 6.1.*unaffected
LinuxLinux6.6.19 <= 6.6.*unaffected
LinuxLinux6.7.7 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References