[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024110745-CVE-2024-50153-ecf2@gregkh>
Date: Thu, 7 Nov 2024 10:34:53 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix null-ptr-deref in target_alloc_device()
There is a null-ptr-deref issue reported by KASAN:
BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]
...
kasan_report+0xb9/0xf0
target_alloc_device+0xbc4/0xbe0 [target_core_mod]
core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]
target_core_init_configfs+0x205/0x420 [target_core_mod]
do_one_initcall+0xdd/0x4e0
...
entry_SYSCALL_64_after_hwframe+0x76/0x7e
In target_alloc_device(), if allocing memory for dev queues fails, then
dev will be freed by dev->transport->free_device(), but dev->transport
is not initialized at that time, which will lead to a null pointer
reference problem.
Fixing this bug by freeing dev with hba->backend->ops->free_device().
The Linux kernel CVE team has assigned CVE-2024-50153 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 5.15.170 with commit 39e02fa90323
Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 6.1.115 with commit 895ab729425e
Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 6.6.59 with commit b80e9bc85bd9
Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 6.11.6 with commit 14a6a2adb440
Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 6.12-rc4 with commit fca6caeb4a61
Issue introduced in 5.10.180 with commit 008b936bbde3
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-50153
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/target/target_core_device.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/39e02fa90323243187c91bb3e8f2f5f6a9aacfc7
https://git.kernel.org/stable/c/895ab729425ef9bf3b6d2f8d0853abe64896f314
https://git.kernel.org/stable/c/b80e9bc85bd9af378e7eac83e15dd129557bbdb6
https://git.kernel.org/stable/c/14a6a2adb440e4ae97bee73b2360946bd033dadd
https://git.kernel.org/stable/c/fca6caeb4a61d240f031914413fcc69534f6dc03
Powered by blists - more mailing lists