CVE-2024-26760

medium

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). That is not done properly for the error case, hitting WARN and NULL pointer dereference in bio_free().

References

https://git.kernel.org/stable/c/f49b20fd0134da84a6bd8108f9e73c077b7d6231

https://git.kernel.org/stable/c/de959094eb2197636f7c803af0943cb9d3b35804

https://git.kernel.org/stable/c/4ebc079f0c7dcda1270843ab0f38ab4edb8f7921

https://git.kernel.org/stable/c/1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec

Details

Source: Mitre, NVD

Published: 2024-04-03

Updated: 2024-04-03

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium