CVE-2024-26760

MEDIUM

Linux Kernel < 6.1.80 - NULL Pointer Dereference

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). That is not done properly for the error case, hitting WARN and NULL pointer dereference in bio_free().

References (4)

[Patch] https://git.kernel.org/stable/c/1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec

[Patch] https://git.kernel.org/stable/c/4ebc079f0c7dcda1270843ab0f38ab4edb8f7921

[Patch] https://git.kernel.org/stable/c/de959094eb2197636f7c803af0943cb9d3b35804

[Patch] https://git.kernel.org/stable/c/f49b20fd0134da84a6bd8108f9e73c077b7d6231

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (9)

linux/linux_kernel < 6.1.80

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/Kernel < 6.1.80linux

linux/Kernel < 6.6.19linux

linux/Kernel < 6.7.7linux

Timeline

Published Apr 03, 2024

Tracked Since Feb 18, 2026