Executive Summary

Informations
Name CVE-2024-46735 First vendor Publication 2024-09-18
Vendor Cve Last vendor Modification 2024-09-20

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()

When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue.

Fix it by adding the check in ublk_ctrl_start_recovery() and return immediately in case of zero 'ub->nr_queues_ready'.

BUG: kernel NULL pointer dereference, address: 0000000000000028
RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180
Call Trace:

? __die+0x20/0x70
? page_fault_oops+0x75/0x170
? exc_page_fault+0x64/0x140
? asm_exc_page_fault+0x22/0x30
? ublk_ctrl_start_recovery.constprop.0+0x82/0x180
ublk_ctrl_uring_cmd+0x4f7/0x6c0
? pick_next_task_idle+0x26/0x40
io_uring_cmd+0x9a/0x1b0
io_issue_sqe+0x193/0x3f0
io_wq_submit_work+0x9b/0x390
io_worker_handle_work+0x165/0x360
io_wq_worker+0xcb/0x2f0
? finish_task_switch.isra.0+0x203/0x290
? finish_task_switch.isra.0+0x203/0x290
? __pfx_io_wq_worker+0x10/0x10
ret_from_fork+0x2d/0x50
? __pfx_io_wq_worker+0x10/0x10
ret_from_fork_asm+0x1a/0x30

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46735

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3653

Sources (Detail)

https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc
https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f
https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8
https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Date Informations
2025-01-08 03:05:16
  • Multiple Updates
2025-01-07 03:04:49
  • Multiple Updates
2024-12-25 03:03:27
  • Multiple Updates
2024-12-12 03:06:24
  • Multiple Updates
2024-11-23 03:03:23
  • Multiple Updates
2024-11-22 03:01:33
  • Multiple Updates
2024-11-20 02:59:53
  • Multiple Updates
2024-11-14 03:00:12
  • Multiple Updates
2024-11-09 03:00:11
  • Multiple Updates
2024-10-26 02:57:34
  • Multiple Updates
2024-10-25 02:59:26
  • Multiple Updates
2024-10-23 02:58:38
  • Multiple Updates
2024-10-03 02:53:48
  • Multiple Updates
2024-10-02 02:52:11
  • Multiple Updates
2024-09-21 05:27:46
  • Multiple Updates
2024-09-20 17:27:28
  • Multiple Updates
2024-09-18 13:27:29
  • First insertion