IM
IronMonkey Threat Research

CVE-2024-24855 MEDIUM

Published: 2024-02-05 | Last Modified: 2026-05-12 | Status: Modified

Description

A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

Additional Descriptions (1)

Se encontró una condición de ejecución en el controlador de dispositivo scsi del kernel de Linux en la función lpfc_unregister_fcf_rescan(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un pánico en el kernel o un problema de denegación de servicio.

CVSS Metrics

Base Score: 4.7 (MEDIUM)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.0

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-362
[email protected] Primary
en CWE-362
en CWE-476

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bfc4c10c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bde247680> Operating System
linux linux_kernel 2.6.34 <built-in method update of dict object at 0x702ba6ab6640> Operating System
linux linux_kernel 6.5 <built-in method update of dict object at 0x702bde244cc0> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:2.6.34:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*

References

Notification
Message here