Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-50153

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-07 Nov, 2024 | 09:31
Updated At-03 Nov, 2025 | 22:26
Rejected At-
Credits

scsi: target: core: Fix null-ptr-deref in target_alloc_device()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0 ... entry_SYSCALL_64_after_hwframe+0x76/0x7e In target_alloc_device(), if allocing memory for dev queues fails, then dev will be freed by dev->transport->free_device(), but dev->transport is not initialized at that time, which will lead to a null pointer reference problem. Fixing this bug by freeing dev with hba->backend->ops->free_device().

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:07 Nov, 2024 | 09:31
Updated At:03 Nov, 2025 | 22:26
Rejected At:
▼CVE Numbering Authority (CNA)
scsi: target: core: Fix null-ptr-deref in target_alloc_device()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0 ... entry_SYSCALL_64_after_hwframe+0x76/0x7e In target_alloc_device(), if allocing memory for dev queues fails, then dev will be freed by dev->transport->free_device(), but dev->transport is not initialized at that time, which will lead to a null pointer reference problem. Fixing this bug by freeing dev with hba->backend->ops->free_device().

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/target/target_core_device.c
Default Status
unaffected
Versions
Affected
  • From 008b936bbde3e87a611b3828a0d5d2a4f99026a0 before 8c1e6717f60d31f8af3937c23c4f1498529584e1 (git)
  • From 1526d9f10c6184031e42afad0adbdde1213e8ad1 before 39e02fa90323243187c91bb3e8f2f5f6a9aacfc7 (git)
  • From 1526d9f10c6184031e42afad0adbdde1213e8ad1 before 895ab729425ef9bf3b6d2f8d0853abe64896f314 (git)
  • From 1526d9f10c6184031e42afad0adbdde1213e8ad1 before b80e9bc85bd9af378e7eac83e15dd129557bbdb6 (git)
  • From 1526d9f10c6184031e42afad0adbdde1213e8ad1 before 14a6a2adb440e4ae97bee73b2360946bd033dadd (git)
  • From 1526d9f10c6184031e42afad0adbdde1213e8ad1 before fca6caeb4a61d240f031914413fcc69534f6dc03 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/target/target_core_device.c
Default Status
affected
Versions
Affected
  • 5.11
Unaffected
  • From 0 before 5.11 (semver)
  • From 5.10.229 through 5.10.* (semver)
  • From 5.15.170 through 5.15.* (semver)
  • From 6.1.115 through 6.1.* (semver)
  • From 6.6.59 through 6.6.* (semver)
  • From 6.11.6 through 6.11.* (semver)
  • From 6.12 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/8c1e6717f60d31f8af3937c23c4f1498529584e1
N/A
https://git.kernel.org/stable/c/39e02fa90323243187c91bb3e8f2f5f6a9aacfc7
N/A
https://git.kernel.org/stable/c/895ab729425ef9bf3b6d2f8d0853abe64896f314
N/A
https://git.kernel.org/stable/c/b80e9bc85bd9af378e7eac83e15dd129557bbdb6
N/A
https://git.kernel.org/stable/c/14a6a2adb440e4ae97bee73b2360946bd033dadd
N/A
https://git.kernel.org/stable/c/fca6caeb4a61d240f031914413fcc69534f6dc03
N/A
Hyperlink: https://git.kernel.org/stable/c/8c1e6717f60d31f8af3937c23c4f1498529584e1
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/39e02fa90323243187c91bb3e8f2f5f6a9aacfc7
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/895ab729425ef9bf3b6d2f8d0853abe64896f314
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b80e9bc85bd9af378e7eac83e15dd129557bbdb6
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/14a6a2adb440e4ae97bee73b2360946bd033dadd
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/fca6caeb4a61d240f031914413fcc69534f6dc03
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL Pointer Dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL Pointer Dereference
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
N/A
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:07 Nov, 2024 | 10:15
Updated At:03 Nov, 2025 | 23:16

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0 ... entry_SYSCALL_64_after_hwframe+0x76/0x7e In target_alloc_device(), if allocing memory for dev queues fails, then dev will be freed by dev->transport->free_device(), but dev->transport is not initialized at that time, which will lead to a null pointer reference problem. Fixing this bug by freeing dev with hba->backend->ops->free_device().

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.11(inclusive) to 5.15.170(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 5.16(inclusive) to 6.1.115(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.2(inclusive) to 6.6.59(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.11.6(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>5.10.180
cpe:2.3:o:linux:linux_kernel:5.10.180:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.12
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.12
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.12
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-476Primarynvd@nist.gov
CWE-476Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-476
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-476
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/14a6a2adb440e4ae97bee73b2360946bd033dadd416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/39e02fa90323243187c91bb3e8f2f5f6a9aacfc7416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/895ab729425ef9bf3b6d2f8d0853abe64896f314416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/8c1e6717f60d31f8af3937c23c4f1498529584e1416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/b80e9bc85bd9af378e7eac83e15dd129557bbdb6416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/fca6caeb4a61d240f031914413fcc69534f6dc03416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://git.kernel.org/stable/c/14a6a2adb440e4ae97bee73b2360946bd033dadd
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/39e02fa90323243187c91bb3e8f2f5f6a9aacfc7
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/895ab729425ef9bf3b6d2f8d0853abe64896f314
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/8c1e6717f60d31f8af3937c23c4f1498529584e1
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/b80e9bc85bd9af378e7eac83e15dd129557bbdb6
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/fca6caeb4a61d240f031914413fcc69534f6dc03
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found