CVE-2024-26760

critical

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: pscsi: Fix bio_put() for error case

As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). That is not done properly for the error case, hitting WARN and NULL pointer dereference in bio_free().

References

https://git.kernel.org/stable/c/f49b20fd0134da84a6bd8108f9e73c077b7d6231

https://git.kernel.org/stable/c/de959094eb2197636f7c803af0943cb9d3b35804

https://git.kernel.org/stable/c/4ebc079f0c7dcda1270843ab0f38ab4edb8f7921

https://git.kernel.org/stable/c/1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec

Details

Source: Mitre, NVD

Published: 2024-04-03

Updated: 2024-04-03

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical