Executive Summary

Informations
Name CVE-2024-35954 First vendor Publication 2024-05-20
Vendor Cve Last vendor Modification 2024-05-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

scsi: sg: Avoid sg device teardown race

sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling scsi_device_put().

sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device.

The resulting NULL pointer exception will then crash the kernel.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35954

Sources (Detail)

https://git.kernel.org/stable/c/27f58c04a8f438078583041468ec60597841284d
https://git.kernel.org/stable/c/46af9047523e2517712ae8e71d984286c626e022
https://git.kernel.org/stable/c/b0d1ebcc1a9560e494ea9b3ee808540db26c5086
Source Url

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2024-05-20 17:27:25
  • First insertion