CVE-2024-46735

18.09.2024, 08:15

In the Linux kernel, the following vulnerability has been resolved:

ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()

When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the
first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers
WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference
issue.

Fix it by adding the check in ublk_ctrl_start_recovery() and return
immediately in case of zero 'ub->nr_queues_ready'.

  BUG: kernel NULL pointer dereference, address: 0000000000000028
  RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180
  Call Trace:
   <TASK>
   ? __die+0x20/0x70
   ? page_fault_oops+0x75/0x170
   ? exc_page_fault+0x64/0x140
   ? asm_exc_page_fault+0x22/0x30
   ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180
   ublk_ctrl_uring_cmd+0x4f7/0x6c0
   ? pick_next_task_idle+0x26/0x40
   io_uring_cmd+0x9a/0x1b0
   io_issue_sqe+0x193/0x3f0
   io_wq_submit_work+0x9b/0x390
   io_worker_handle_work+0x165/0x360
   io_wq_worker+0xcb/0x2f0
   ? finish_task_switch.isra.0+0x203/0x290
   ? finish_task_switch.isra.0+0x203/0x290
   ? __pfx_io_wq_worker+0x10/0x10
   ret_from_fork+0x2d/0x50
   ? __pfx_io_wq_worker+0x10/0x10
   ret_from_fork_asm+0x1a/0x30
   </TASK>

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Vendor	Product	Version
linux	linux_kernel	6.1 ≤ 𝑥 < 6.1.110
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.51
linux	linux_kernel	6.7 ≤ 𝑥 < 6.10.10
linux	linux_kernel	6.11:rc1
linux	linux_kernel	6.11:rc2
linux	linux_kernel	6.11:rc3
linux	linux_kernel	6.11:rc4
linux	linux_kernel	6.11:rc5
linux	linux_kernel	6.11:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.137-1 fixed
bookworm (security)	6.1.140-1 fixed
trixie	6.12.27-1 fixed
sid	6.12.30-1 fixed

linux-6.1

bullseye (security)

6.1.137-1~deb11u1

fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

oracular	not-affected
noble	Fixed 6.8.0-50.51 released
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-allwinner-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws

oracular	not-affected
noble	Fixed 6.8.0-1020.22 released
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-aws-5.0

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1020.22~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-fips

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-aws-hwe

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	not-affected
trusty	dne

linux-azure

oracular	not-affected
noble	Fixed 6.8.0-1020.23 released
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected
trusty	not-affected

linux-azure-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-azure-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-azure-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1020.23~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-edge

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-azure-fde

oracular	dne
noble	dne
jammy	not-affected
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fips

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-bluefield

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-fips

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-gcp

oracular	not-affected
noble	Fixed 6.8.0-1019.21 released
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected
trusty	dne

linux-gcp-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gcp-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-gcp-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1019.21~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-fips

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	dne
trusty	dne

linux-gke

oracular	dne
noble	Fixed 6.8.0-1015.19 released
jammy	not-affected
focal	ignored
bionic	dne
xenial	ignored
trusty	dne

linux-gke-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gke-5.15

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gke-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gkeop

oracular	dne
noble	Fixed 6.8.0-1002.4 released
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-hwe

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	not-affected
trusty	dne

linux-hwe-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-hwe-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-50.51~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-edge

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-ibm

oracular	dne
noble	Fixed 6.8.0-1017.17 released
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-intel

oracular	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-intel-iot-realtime

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-iot

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-kvm

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-lowlatency

oracular	not-affected
noble	Fixed 6.8.0-50.51.1 released
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-50.51.1~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	not-affected

linux-nvidia

oracular	dne
noble	Fixed 6.8.0-1019.21 released
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1019.21~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-lowlatency

oracular	dne
noble	Fixed 6.8.0-1019.21.1 released
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-oem-5.10

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.14

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.17

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.6

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.0

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.1

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.11

oracular	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.8

oracular	dne
noble	Fixed 6.8.0-1018.18 released
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle

oracular	not-affected
noble	Fixed 6.8.0-1017.18 released
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-oracle-5.0

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-oracle-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-1017.18~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi

oracular	not-affected
noble	Fixed 6.8.0-1016.18 released
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-raspi-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-raspi-realtime

oracular	dne
noble	Fixed 6.8.0-2015.16 released
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi2

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	ignored
xenial	ignored
trusty	dne

linux-realtime

oracular	not-affected
noble	Fixed 6.8.1-1013.14 released
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv

oracular	not-affected
noble	Fixed 6.8.0-50.51.1 released
jammy	ignored
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.8

oracular	dne
noble	dne
jammy	Fixed 6.8.0-50.51.1~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-xilinx-zynqmp

oracular	dne
noble	dne
jammy	not-affected
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc

https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f

https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8

https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7