cve/2024/CVE-2024-41098.md

### [CVE-2024-41098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41098)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.6.24%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=633273a3ed1cf37ced90475b0f95cf81deab04f1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:ata: libata-core: Fix null pointer dereference on errorIf the ata_port_alloc() call in ata_host_alloc() fails,ata_host_release() will get called.However, the code in ata_host_release() tries to free ata_port structmembers unconditionally, which can lead to the following:BUG: unable to handle page fault for address: 0000000000003990PGD 0 P4D 0Oops: Oops: 0000 [#1] PREEMPT SMP NOPTICPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014RIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]Code: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41RSP: 0018:ffffc90000ebb968 EFLAGS: 00010246RAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000RDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0RBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68R10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004R13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006FS:  00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0PKRU: 55555554Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? ata_host_release.cold+0x2f/0x6e [libata] ? ata_host_release.cold+0x2f/0x6e [libata] release_nodes+0x35/0xb0 devres_release_group+0x113/0x140 ata_host_alloc+0xed/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci]Do not access ata_port struct members unconditionally.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-41098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41098)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=2.6.24%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=633273a3ed1cf37ced90475b0f95cf81deab04f1%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:ata: libata-core: Fix null pointer dereference on errorIf the ata_port_alloc() call in ata_host_alloc() fails,ata_host_release() will get called.However, the code in ata_host_release() tries to free ata_port structmembers unconditionally, which can lead to the following:BUG: unable to handle page fault for address: 0000000000003990PGD 0 P4D 0Oops: Oops: 0000 [#1] PREEMPT SMP NOPTICPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10.0-rc5 #44Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014RIP: 0010:ata_host_release.cold+0x2f/0x6e [libata]Code: e4 4d 63 f4 44 89 e2 48 c7 c6 90 ad 32 c0 48 c7 c7 d0 70 33 c0 49 83 c6 0e 41RSP: 0018:ffffc90000ebb968 EFLAGS: 00010246RAX: 0000000000000041 RBX: ffff88810fb52e78 RCX: 0000000000000000RDX: 0000000000000000 RSI: ffff88813b3218c0 RDI: ffff88813b3218c0RBP: ffff88810fb52e40 R08: 0000000000000000 R09: 6c65725f74736f68R10: ffffc90000ebb738 R11: 73692033203a746e R12: 0000000000000004R13: 0000000000000000 R14: 0000000000000011 R15: 0000000000000006FS: 00007f6cc55b9980(0000) GS:ffff88813b300000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 0000000000003990 CR3: 00000001122a2000 CR4: 0000000000750ef0PKRU: 55555554Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? ata_host_release.cold+0x2f/0x6e [libata] ? ata_host_release.cold+0x2f/0x6e [libata] release_nodes+0x35/0xb0 devres_release_group+0x113/0x140 ata_host_alloc+0xed/0x120 [libata] ata_host_alloc_pinfo+0x14/0xa0 [libata] ahci_init_one+0x6c9/0xd20 [ahci]Do not access ata_port struct members unconditionally.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`