CVE-2024-26760 : In the Linux kernel, the following vulnerability has been resolved: scsi: targe

In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). That is not done properly for the error case, hitting WARN and NULL pointer dereference in bio_free().

Published 2024-04-03 17:15:52

Updated 2025-03-03 17:33:20

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2024-26760

Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.7.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.19 and before (<) 6.1.80
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.19
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.8 Update RC1
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.8 Update RC2
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.8 Update RC3
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.8 Update RC4
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.8 Update RC5
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-26760

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 1 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-26760

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-03-03
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-26760

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Secondary)

References for CVE-2024-26760

https://git.kernel.org/stable/c/1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec

scsi: target: pscsi: Fix bio_put() for error case - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/de959094eb2197636f7c803af0943cb9d3b35804

scsi: target: pscsi: Fix bio_put() for error case - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/4ebc079f0c7dcda1270843ab0f38ab4edb8f7921

scsi: target: pscsi: Fix bio_put() for error case - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/f49b20fd0134da84a6bd8108f9e73c077b7d6231

scsi: target: pscsi: Fix bio_put() for error case - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-26760

Products affected by CVE-2024-26760

Exploit prediction scoring system (EPSS) score for CVE-2024-26760

CVSS scores for CVE-2024-26760

CWE ids for CVE-2024-26760

References for CVE-2024-26760