CVE-2024-36478

Published: Jun 21, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved:

null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'

Writing 'power' and 'submit_queues' concurrently will trigger kernel panic:

Test script:

    modprobe null_blk nr_devices=0
    mkdir -p /sys/kernel/config/nullb/nullb0
    while true; do echo 1 > submit_queues; echo 4 > submit_queues; done &
    while true; do echo 1 > power; echo 0 > power; done

Test result:

    BUG: kernel NULL pointer dereference, address: 0000000000000148
    Oops: 0000 [#1] PREEMPT SMP
    RIP: 0010:__lock_acquire+0x41d/0x28f0
    Call Trace:
     <TASK>
     lock_acquire+0x121/0x450
     down_write+0x5f/0x1d0
     simple_recursive_removal+0x12f/0x5c0
     blk_mq_debugfs_unregister_hctxs+0x7c/0x100
     blk_mq_update_nr_hw_queues+0x4a3/0x720
     nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]
     nullb_device_submit_queues_store+0x79/0xf0 [null_blk]
     configfs_write_iter+0x119/0x1e0
     vfs_write+0x326/0x730
     ksys_write+0x74/0x150

This is because del_gendisk() can run concurrently with blk_mq_update_nr_hw_queues():

    nullb_device_power_store        nullb_apply_submit_queues
     null_del_dev
      del_gendisk
                                     nullb_update_nr_hw_queues
                                      if (!dev->nullb)
                                      // still set while gendisk is deleted
                                       return 0
                                      blk_mq_update_nr_hw_queues
     dev->nullb = NULL

Fix this problem by reusing the global mutex to protect nullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.
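The check-then-use window in the description and the shape of the fix, as an added example that is not code from the kernel or from the commit: a userspace C model using pthreads. The struct, the helper names and the two entry points (`replay_unlocked`, `run_locked`) are stand-ins assumed for illustration.

```c
/* Userspace model of the race; every name is a stand-in, not kernel code. */
#include <pthread.h>
#include <stddef.h>
struct disk { int live; };              /* stands in for the gendisk */
static struct disk the_disk;
static struct disk *nullb;              /* models dev->nullb */
static long bad_updates, iters;         /* bad: update ran on a deleted disk */
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; /* one global mutex */
static void power_on(void)  { the_disk.live = 1; nullb = &the_disk; }
static void del_disk(void)  { nullb->live = 0; }   /* the del_gendisk() step */
static void clear_ptr(void) { nullb = NULL; }      /* dev->nullb = NULL step */
/* submit_queues handler body: the NULL check from the page, then the update. */
static void update_queues(void)
{
    if (!nullb) return;
    if (!nullb->live) bad_updates++;    /* update would touch a deleted disk */
}
/* Single-threaded replay of the interleaving in the description, no lock. */
long replay_unlocked(void)
{
    bad_updates = 0;
    power_on();
    del_disk();         /* power handler: disk deleted, pointer still set */
    update_queues();    /* submit_queues handler lands inside the window */
    clear_ptr();        /* power handler clears the pointer too late */
    return bad_updates;
}
/* Fixed shape: both handlers hold the same mutex for their whole body. */
static void *handler(void *is_power)
{
    for (long i = 0; i < iters; i++) {
        pthread_mutex_lock(&lock);
        if (!is_power) update_queues();
        else if (!nullb) power_on();
        else { del_disk(); clear_ptr(); }
        pthread_mutex_unlock(&lock);
    }
    return NULL;
}

long run_locked(long n)                 /* n concurrent writes per handler */
{
    pthread_t a, b;
    iters = n; bad_updates = 0; nullb = NULL;
    pthread_create(&a, NULL, handler, &lock);   /* non-NULL: power writer */
    pthread_create(&b, NULL, handler, NULL);    /* NULL: submit_queues writer */
    pthread_join(a, NULL); pthread_join(b, NULL);
    return bad_updates;
}
```

`replay_unlocked()` returns 1 because the pointer check passes after the disk is already gone; `run_locked()` returns 0 because deletion and pointer clearing are never observable separately.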

Vendor / Product / Versions

Vendor: Linux
Product: Linux
Versions:
  affected    45919fbfe1c487c17ea1d198534339a5e8abeae3 - < 1d4c8baef435c98e8d5aa7027dc5a9f70834ba16
  affected    45919fbfe1c487c17ea1d198534339a5e8abeae3 - < aaadb755f2d684f715a6eb85cb7243aa0c67dfa9
  affected    45919fbfe1c487c17ea1d198534339a5e8abeae3 - < 5d0495473ee4c1d041b5a917f10446a22c047f47
  affected    45919fbfe1c487c17ea1d198534339a5e8abeae3 - < a2db328b0839312c169eb42746ec46fc1ab53ed2

Vendor: Linux
Product: Linux
Versions:
  affected    5.5
  unaffected  0 - < 5.5
  unaffected  6.1.119 - <= 6.1.*
  unaffected  6.6.55 - <= 6.6.*
  unaffected  6.9.4 - <= 6.9.*

+1 more versions
