CVE-2024-46735

EUVD-2024-41996

18.09.2024, 08:15

In the Linux kernel, the following vulnerability has been resolved:

ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()

When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the
first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers
WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference
issue.

Fix it by adding the check in ublk_ctrl_start_recovery() and return
immediately in case of zero 'ub->nr_queues_ready'.

  BUG: kernel NULL pointer dereference, address: 0000000000000028
  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180
  Call Trace:
   <TASK>
   ? __die+0x20/0x70
   ? page_fault_oops+0x75/0x170
   ? exc_page_fault+0x64/0x140
   ? asm_exc_page_fault+0x22/0x30
   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180
   ublk_ctrl_uring_cmd+0x4f7/0x6c0
   ? pick_next_task_idle+0x26/0x40
   io_uring_cmd+0x9a/0x1b0
   io_issue_sqe+0x193/0x3f0
   io_wq_submit_work+0x9b/0x390
   io_worker_handle_work+0x165/0x360
   io_wq_worker+0xcb/0x2f0
   ? finish_task_switch.isra.0+0x203/0x290
   ? finish_task_switch.isra.0+0x203/0x290
   ? __pfx_io_wq_worker+0x10/0x10
   ret_from_fork+0x2d/0x50
   ? __pfx_io_wq_worker+0x10/0x10
   ret_from_fork_asm+0x1a/0x30
   </TASK>

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	6.1 ≤ 𝑥 < 6.1.110
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.51
linux	linux_kernel	6.7 ≤ 𝑥 < 6.10.10
linux	linux_kernel	6.11:rc1
linux	linux_kernel	6.11:rc2
linux	linux_kernel	6.11:rc3
linux	linux_kernel	6.11:rc4
linux	linux_kernel	6.11:rc5
linux	linux_kernel	6.11:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.247-1 fixed
forky	6.17.13-1 fixed
sid	6.17.13-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed

linux-6.1

bullseye (security)

6.1.158-1~deb11u1

fixed

Ubuntu Releases

Ubuntu Product

Codename

linux-hwe

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	not-affected

linux-hwe-5.4

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-6.8

bionic	dne
focal	dne
jammy	Fixed 6.8.0-50.51~22.04.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-hwe-edge

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-lts-xenial

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	not-affected
xenial	dne

linux-kvm

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	not-affected

linux-allwinner-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.4

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-aws-hwe

bionic	dne
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	not-affected

linux-azure

bionic	ignored
focal	not-affected
jammy	not-affected
noble	Fixed 6.8.0-1020.23 released
oracular	not-affected
trusty	not-affected
xenial	not-affected

linux-azure-4.15

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.4

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fde

bionic	dne
focal	ignored
jammy	not-affected
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-azure-fde-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fde-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fde-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-bluefield

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-fips

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	not-affected

linux-aws-fips

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-fips

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-fips

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp

bionic	ignored
focal	not-affected
jammy	not-affected
noble	Fixed 6.8.0-1019.21 released
oracular	not-affected
trusty	dne
xenial	not-affected

linux-gcp-4.15

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.4

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gke

bionic	dne
focal	ignored
jammy	not-affected
noble	Fixed 6.8.0-1015.19 released
oracular	dne
trusty	dne
xenial	ignored

linux-gke-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gke-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gke-5.15

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gkeop-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gkeop-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gkeop

bionic	dne
focal	not-affected
jammy	not-affected
noble	Fixed 6.8.0-1002.4 released
oracular	dne
trusty	dne
xenial	dne

linux-ibm-5.4

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-ibm-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-intel-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-intel-iotg

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-intel-iotg-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-iot

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-intel-iot-realtime

bionic	dne
focal	dne
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency

bionic	dne
focal	dne
jammy	not-affected
noble	Fixed 6.8.0-50.51.1 released
oracular	not-affected
trusty	dne
xenial	dne

linux-lowlatency-hwe-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency-hwe-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency-hwe-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency-hwe-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-lowlatency-hwe-6.8

bionic	dne
focal	dne
jammy	Fixed 6.8.0-50.51.1~22.04.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-nvidia

bionic	dne
focal	dne
jammy	not-affected
noble	Fixed 6.8.0-1019.21 released
oracular	dne
trusty	dne
xenial	dne

linux-nvidia-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-nvidia-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-nvidia-6.8

bionic	dne
focal	dne
jammy	Fixed 6.8.0-1019.21~22.04.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-nvidia-lowlatency

bionic	dne
focal	dne
jammy	dne
noble	Fixed 6.8.0-1019.21.1 released
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.4

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-oem-5.6

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-5.10

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-5.13

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-5.14

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-5.17

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.0

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.1

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.8

bionic	dne
focal	dne
jammy	dne
noble	Fixed 6.8.0-1018.18 released
oracular	dne
trusty	dne
xenial	dne

linux-raspi2

bionic	ignored
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	ignored

linux-raspi-5.4

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-raspi-realtime

bionic	dne
focal	dne
jammy	dne
noble	Fixed 6.8.0-2015.16 released
oracular	dne
trusty	dne
xenial	dne

linux-realtime

bionic	dne
focal	dne
jammy	not-affected
noble	Fixed 6.8.1-1013.14 released
oracular	not-affected
trusty	dne
xenial	dne

linux-riscv

bionic	dne
focal	ignored
jammy	ignored
noble	Fixed 6.8.0-50.51.1 released
oracular	not-affected
trusty	dne
xenial	dne

linux-riscv-5.8

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-5.11

bionic	dne
focal	ignored
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-5.15

bionic	dne
focal	not-affected
jammy	dne
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-riscv-6.8

bionic	dne
focal	dne
jammy	Fixed 6.8.0-50.51.1~22.04.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-starfive-5.19

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-starfive-6.2

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-starfive-6.5

bionic	dne
focal	dne
jammy	ignored
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-xilinx-zynqmp

bionic	dne
focal	not-affected
jammy	not-affected
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	Fixed 6.8.0-50.51 released
oracular	not-affected
trusty	not-affected
xenial	not-affected

linux-aws

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	Fixed 6.8.0-1020.22 released
oracular	not-affected
trusty	not-affected
xenial	not-affected

linux-ibm

bionic	dne
focal	not-affected
jammy	not-affected
noble	Fixed 6.8.0-1017.17 released
oracular	dne
trusty	dne
xenial	dne

linux-oracle

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	Fixed 6.8.0-1017.18 released
oracular	not-affected
trusty	dne
xenial	not-affected

linux-raspi

bionic	dne
focal	not-affected
jammy	not-affected
noble	Fixed 6.8.0-1016.18 released
oracular	not-affected
trusty	dne
xenial	dne

linux-intel

bionic	dne
focal	dne
jammy	dne
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

linux-aws-6.8

bionic	dne
focal	dne
jammy	Fixed 6.8.0-1020.22~22.04.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-gcp-6.8

bionic	dne
focal	dne
jammy	Fixed 6.8.0-1019.21~22.04.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oracle-6.8

bionic	dne
focal	dne
jammy	Fixed 6.8.0-1017.18~22.04.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-azure-6.8

bionic	dne
focal	dne
jammy	Fixed 6.8.0-1020.23~22.04.1 released
noble	dne
oracular	dne
trusty	dne
xenial	dne

linux-oem-6.11

bionic	dne
focal	dne
jammy	dne
noble	not-affected
oracular	dne
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc

https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f

https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8

https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html