CVE-2024-46735

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 18/09/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()

When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue.

Fix it by adding the check in ublk_ctrl_start_recovery() and return immediately in case of zero 'ub->nr_queues_ready'.

BUG: kernel NULL pointer dereference, address: 0000000000000028
RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180
Call Trace:
? __die+0x20/0x70
? page_fault_oops+0x75/0x170
? exc_page_fault+0x64/0x140
? asm_exc_page_fault+0x22/0x30
? ublk_ctrl_start_recovery.constprop.0+0x82/0x180
ublk_ctrl_uring_cmd+0x4f7/0x6c0
? pick_next_task_idle+0x26/0x40
io_uring_cmd+0x9a/0x1b0
io_issue_sqe+0x193/0x3f0
io_wq_submit_work+0x9b/0x390
io_worker_handle_work+0x165/0x360
io_wq_worker+0xcb/0x2f0
? finish_task_switch.isra.0+0x203/0x290
? finish_task_switch.isra.0+0x203/0x290
? __pfx_io_wq_worker+0x10/0x10
ret_from_fork+0x2d/0x50
? __pfx_io_wq_worker+0x10/0x10
ret_from_fork_asm+0x1a/0x30
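The state problem described above, as an added example: a simplified userspace model, not kernel source and not part of the original record. The `model_*` structures, the placeholder error code and the assumption that the first command leaves `nr_queues_ready` at zero are illustrative; only the function and field names mirrored in the comments come from the description.

```c
#include <stddef.h>

/* Simplified stand-ins for the driver's structures (hypothetical, not kernel source). */
struct model_task { int refs; };
struct model_queue { struct model_task *ubq_daemon; };
struct model_dev {
    int nr_queues_ready;
    int nr_hw_queues;
    struct model_queue queues[2];
};

static int null_daemon_hits; /* reinit calls that found ubq_daemon == NULL */

/* Models ublk_queue_reinit(): drop the old daemon reference, clear the pointer. */
static void model_queue_reinit(struct model_queue *q)
{
    if (q->ubq_daemon == NULL) { /* the kernel WARNs, then dereferences NULL */
        null_daemon_hits++;
        return;
    }
    q->ubq_daemon->refs--;
    q->ubq_daemon = NULL;
}

/* Models ublk_ctrl_start_recovery(); 'patched' enables the added check. */
static int model_start_recovery(struct model_dev *ub, int patched)
{
    if (patched && ub->nr_queues_ready == 0)
        return -1; /* placeholder error code: return immediately */
    for (int i = 0; i < ub->nr_hw_queues; i++)
        model_queue_reinit(&ub->queues[i]);
    ub->nr_queues_ready = 0; /* assumption: no queue is ready until a daemon re-attaches */
    return 0;
}

/* Submits the command twice; returns how many NULL-daemon reinits happened. */
static int run_twice(int patched)
{
    struct model_task old_daemon = { .refs = 2 };
    struct model_dev ub = { .nr_queues_ready = 2, .nr_hw_queues = 2,
                            .queues = { { &old_daemon }, { &old_daemon } } };
    null_daemon_hits = 0;
    model_start_recovery(&ub, patched);
    model_start_recovery(&ub, patched);
    return null_daemon_hits;
}
```

Without the check, the second call reaches the reinit step for both queues with a NULL daemon pointer; with it, the second call returns before touching any queue.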

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (including) | 6.1.110 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.51 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:* | | |