lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024110745-CVE-2024-50153-ecf2@gregkh>
Date: Thu,  7 Nov 2024 10:34:53 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device()

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Fix null-ptr-deref in target_alloc_device()

There is a null-ptr-deref issue reported by KASAN:

BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]
...
 kasan_report+0xb9/0xf0
 target_alloc_device+0xbc4/0xbe0 [target_core_mod]
 core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod]
 target_core_init_configfs+0x205/0x420 [target_core_mod]
 do_one_initcall+0xdd/0x4e0
...
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

In target_alloc_device(), if allocing memory for dev queues fails, then
dev will be freed by dev->transport->free_device(), but dev->transport
is not initialized at that time, which will lead to a null pointer
reference problem.

Fixing this bug by freeing dev with hba->backend->ops->free_device().

The Linux kernel CVE team has assigned CVE-2024-50153 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 5.15.170 with commit 39e02fa90323
	Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 6.1.115 with commit 895ab729425e
	Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 6.6.59 with commit b80e9bc85bd9
	Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 6.11.6 with commit 14a6a2adb440
	Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 6.12-rc4 with commit fca6caeb4a61
	Issue introduced in 5.10.180 with commit 008b936bbde3

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50153
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/target/target_core_device.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/39e02fa90323243187c91bb3e8f2f5f6a9aacfc7
	https://git.kernel.org/stable/c/895ab729425ef9bf3b6d2f8d0853abe64896f314
	https://git.kernel.org/stable/c/b80e9bc85bd9af378e7eac83e15dd129557bbdb6
	https://git.kernel.org/stable/c/14a6a2adb440e4ae97bee73b2360946bd033dadd
	https://git.kernel.org/stable/c/fca6caeb4a61d240f031914413fcc69534f6dc03

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ