Vulnerabilities > CVE-2024-35954 - Unspecified vulnerability in Linux Kernel

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

high complexity

linux

NVD

Published: 2024-05-20

Updated: 2024-11-21

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. The resulting NULL pointer exception will then crash the kernel.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.9 Linux Linux Kernel 6.7 Linux Linux Kernel 6.7.1 Linux Linux Kernel 6.7.2 Linux Linux Kernel 6.7.3 Linux Linux Kernel 6.7.4 Linux Linux Kernel 6.7.5 Linux Linux Kernel 6.7.6 Linux Linux Kernel 6.7.7 Linux Linux Kernel 6.7.8 Linux Linux Kernel 6.7.9 Linux Linux Kernel 6.7.10 Linux Linux Kernel 6.7.11 Linux Linux Kernel 6.7.12 Linux Linux Kernel 6.8 Linux Linux Kernel 6.8.1 Linux Linux Kernel 6.8.2 Linux Linux Kernel 6.8.3 Linux Linux Kernel 6.8.4 Linux Linux Kernel 6.8.5 Linux Linux Kernel 6.8.6 Linux Linux Kernel *	36

Summary

Vulnerable Configurations

References