mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
136 lines
7.4 KiB
JSON
136 lines
7.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-42152",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl->sqs and sq->ctrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq->ctrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq->ctrl after all inflight request has\ncompleted, where for sure sq->ctrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "1da177e4c3f4",
|
|
"version_value": "2f3c22b1d3d7"
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "5.10.222",
|
|
"lessThanOrEqual": "5.10.*",
|
|
"status": "unaffected",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"version": "5.15.163",
|
|
"lessThanOrEqual": "5.15.*",
|
|
"status": "unaffected",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"version": "6.1.98",
|
|
"lessThanOrEqual": "6.1.*",
|
|
"status": "unaffected",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"version": "6.6.39",
|
|
"lessThanOrEqual": "6.6.*",
|
|
"status": "unaffected",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"version": "6.9.9",
|
|
"lessThanOrEqual": "6.9.*",
|
|
"status": "unaffected",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"version": "6.10",
|
|
"lessThanOrEqual": "*",
|
|
"status": "unaffected",
|
|
"versionType": "original_commit_for_fix"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-c9c4e1df01b2"
|
|
}
|
|
} |