Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2024 / CVE-2024-46735.json
blob: ef4d2793cca2b6c5e41d8e6147f75142f092f15d [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()\n\nWhen two UBLK_CMD_START_USER_RECOVERY commands are submitted, the\nfirst one sets 'ubq->ubq_daemon' to NULL, and the second one triggers\nWARN in ublk_queue_reinit() and subsequently a NULL pointer dereference\nissue.\n\nFix it by adding the check in ublk_ctrl_start_recovery() and return\nimmediately in case of zero 'ub->nr_queues_ready'.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n Call Trace:\n <TASK>\n ? __die+0x20/0x70\n ? page_fault_oops+0x75/0x170\n ? exc_page_fault+0x64/0x140\n ? asm_exc_page_fault+0x22/0x30\n ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180\n ublk_ctrl_uring_cmd+0x4f7/0x6c0\n ? pick_next_task_idle+0x26/0x40\n io_uring_cmd+0x9a/0x1b0\n io_issue_sqe+0x193/0x3f0\n io_wq_submit_work+0x9b/0x390\n io_worker_handle_work+0x165/0x360\n io_wq_worker+0xcb/0x2f0\n ? finish_task_switch.isra.0+0x203/0x290\n ? finish_task_switch.isra.0+0x203/0x290\n ? __pfx_io_wq_worker+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_io_wq_worker+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>"
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/block/ublk_drv.c"
],
"versions": [
{
"version": "c732a852b419fa057b53657e2daaf9433940391c",
"lessThan": "ca249435893dda766f3845c15ca77ca5672022d8",
"status": "affected",
"versionType": "git"
},
{
"version": "c732a852b419fa057b53657e2daaf9433940391c",
"lessThan": "136a29d8112df4ea0a57f9602ddf3579e04089dc",
"status": "affected",
"versionType": "git"
},
{
"version": "c732a852b419fa057b53657e2daaf9433940391c",
"lessThan": "7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f",
"status": "affected",
"versionType": "git"
},
{
"version": "c732a852b419fa057b53657e2daaf9433940391c",
"lessThan": "e58f5142f88320a5b1449f96a146f2f24615c5c7",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/block/ublk_drv.c"
],
"versions": [
{
"version": "6.1",
"status": "affected"
},
{
"version": "0",
"lessThan": "6.1",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.110",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.51",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.10.10",
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.110"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.6.51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.10.10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.11"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8"
},
{
"url": "https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc"
},
{
"url": "https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f"
},
{
"url": "https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7"
}
],
"title": "ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-46735",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}