We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-46735

ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()



Description

In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue. Fix it by adding the check in ublk_ctrl_start_recovery() and return immediately in case of zero 'ub->nr_queues_ready'. BUG: kernel NULL pointer dereference, address: 0000000000000028 RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180 Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x75/0x170 ? exc_page_fault+0x64/0x140 ? asm_exc_page_fault+0x22/0x30 ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180 ublk_ctrl_uring_cmd+0x4f7/0x6c0 ? pick_next_task_idle+0x26/0x40 io_uring_cmd+0x9a/0x1b0 io_issue_sqe+0x193/0x3f0 io_wq_submit_work+0x9b/0x390 io_worker_handle_work+0x165/0x360 io_wq_worker+0xcb/0x2f0 ? finish_task_switch.isra.0+0x203/0x290 ? finish_task_switch.isra.0+0x203/0x290 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK>

Reserved 2024-09-11 | Published 2024-09-18 | Updated 2024-11-05 | Assigner Linux

Product status

Default status
unaffected

c732a852b419 before ca249435893d
affected

c732a852b419 before 136a29d8112d
affected

c732a852b419 before 7c890ef60bf4
affected

c732a852b419 before e58f5142f883
affected

Default status
affected

6.1
affected

Any version before 6.1
unaffected

6.1.110
unaffected

6.6.51
unaffected

6.10.10
unaffected

6.11
unaffected

References

git.kernel.org/...c/ca249435893dda766f3845c15ca77ca5672022d8

git.kernel.org/...c/136a29d8112df4ea0a57f9602ddf3579e04089dc

git.kernel.org/...c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f

git.kernel.org/...c/e58f5142f88320a5b1449f96a146f2f24615c5c7

cve.org (CVE-2024-46735)

nvd.nist.gov (CVE-2024-46735)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-46735

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.