CVE-2024-50153
Published: Nov 7, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0 ... entry_SYSCALL_64_after_hwframe+0x76/0x7e In target_alloc_device(), if allocing memory for dev queues fails, then dev will be freed by dev->transport->free_device(), but dev->transport is not initialized at that time, which will lead to a null pointer reference problem. Fixing this bug by freeing dev with hba->backend->ops->free_device().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 008b936bbde3e87a611b3828a0d5d2a4f99026a0 - < 8c1e6717f60d31f8af3937c23c4f1498529584e1affected 1526d9f10c6184031e42afad0adbdde1213e8ad1 - < 39e02fa90323243187c91bb3e8f2f5f6a9aacfc7affected 1526d9f10c6184031e42afad0adbdde1213e8ad1 - < 895ab729425ef9bf3b6d2f8d0853abe64896f314affected 1526d9f10c6184031e42afad0adbdde1213e8ad1 - < b80e9bc85bd9af378e7eac83e15dd129557bbdb6affected 1526d9f10c6184031e42afad0adbdde1213e8ad1 - < 14a6a2adb440e4ae97bee73b2360946bd033dadd+2 more versions |
Linux | Linux | affected 5.11unaffected 0 - < 5.11unaffected 5.10.229 - <= 5.10.*unaffected 5.15.170 - <= 5.15.*unaffected 6.1.115 - <= 6.1.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now