CVE-2024-26760

As of commit 066ff571011d ("block: turn biokmalloc into a simple kmalloc wrapper"), a bio allocated by biokmalloc() must be freed by biouninit() and kfree(). That is not done properly for the error case, hitting WARN and NULL pointer dereference in biofree().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

066ff571011d8416e903d3d4f1f41e0b5eb91e1d

Fixed

f49b20fd0134da84a6bd8108f9e73c077b7d6231

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

066ff571011d8416e903d3d4f1f41e0b5eb91e1d

Fixed

4ebc079f0c7dcda1270843ab0f38ab4edb8f7921

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

066ff571011d8416e903d3d4f1f41e0b5eb91e1d

Fixed

1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

066ff571011d8416e903d3d4f1f41e0b5eb91e1d

Fixed

de959094eb2197636f7c803af0943cb9d3b35804

Affected versions

v5.*

v5.18

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.46

v6.1.47

v6.1.48

v6.1.49

v6.1.5

v6.1.50

v6.1.51

v6.1.52

v6.1.53

v6.1.54

v6.1.55

v6.1.56

v6.1.57

v6.1.58

v6.1.59

v6.1.6

v6.1.60

v6.1.61

v6.1.62

v6.1.63

v6.1.64

v6.1.65

v6.1.66

v6.1.67

v6.1.68

v6.1.69

v6.1.7

v6.1.70

v6.1.71

v6.1.72

v6.1.73

v6.1.74

v6.1.75

v6.1.76

v6.1.77

v6.1.78

v6.1.79

v6.1.8

v6.1.9

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.7.1

v6.7.2

v6.7.3

v6.7.4

v6.7.5

v6.7.6

v6.8-rc1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "79552222918525795527564961066823487355",
                    "308084939290947433208570407222685733795",
                    "3160580842330644235659345761726011992",
                    "9214635164774214897973372011872457272",
                    "123936705339273293745491758927579465572",
                    "237329762265718484275536144664755833026",
                    "263085880376687789486201305292929363955",
                    "24800325815496891214259808126966926493",
                    "140105756475090084601474526292373061107"
                ],
                "threshold": 0.9
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ebc079f0c7dcda1270843ab0f38ab4edb8f7921",
            "signature_type": "Line",
            "target": {
                "file": "drivers/target/target_core_pscsi.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-26760-13914575"
        },
        {
            "digest": {
                "length": 2125.0,
                "function_hash": "105076304183835552083690985401563465841"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ebc079f0c7dcda1270843ab0f38ab4edb8f7921",
            "signature_type": "Function",
            "target": {
                "function": "pscsi_map_sg",
                "file": "drivers/target/target_core_pscsi.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-26760-381ff143"
        },
        {
            "digest": {
                "length": 2125.0,
                "function_hash": "105076304183835552083690985401563465841"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec",
            "signature_type": "Function",
            "target": {
                "function": "pscsi_map_sg",
                "file": "drivers/target/target_core_pscsi.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-26760-457eeea4"
        },
        {
            "digest": {
                "length": 2125.0,
                "function_hash": "105076304183835552083690985401563465841"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@de959094eb2197636f7c803af0943cb9d3b35804",
            "signature_type": "Function",
            "target": {
                "function": "pscsi_map_sg",
                "file": "drivers/target/target_core_pscsi.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-26760-52127f1c"
        },
        {
            "digest": {
                "line_hashes": [
                    "79552222918525795527564961066823487355",
                    "308084939290947433208570407222685733795",
                    "3160580842330644235659345761726011992",
                    "9214635164774214897973372011872457272",
                    "123936705339273293745491758927579465572",
                    "237329762265718484275536144664755833026",
                    "263085880376687789486201305292929363955",
                    "24800325815496891214259808126966926493",
                    "140105756475090084601474526292373061107"
                ],
                "threshold": 0.9
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@de959094eb2197636f7c803af0943cb9d3b35804",
            "signature_type": "Line",
            "target": {
                "file": "drivers/target/target_core_pscsi.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-26760-738fa10b"
        },
        {
            "digest": {
                "length": 2125.0,
                "function_hash": "105076304183835552083690985401563465841"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f49b20fd0134da84a6bd8108f9e73c077b7d6231",
            "signature_type": "Function",
            "target": {
                "function": "pscsi_map_sg",
                "file": "drivers/target/target_core_pscsi.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-26760-a59783a6"
        },
        {
            "digest": {
                "line_hashes": [
                    "79552222918525795527564961066823487355",
                    "308084939290947433208570407222685733795",
                    "3160580842330644235659345761726011992",
                    "9214635164774214897973372011872457272",
                    "123936705339273293745491758927579465572",
                    "237329762265718484275536144664755833026",
                    "263085880376687789486201305292929363955",
                    "24800325815496891214259808126966926493",
                    "140105756475090084601474526292373061107"
                ],
                "threshold": 0.9
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec",
            "signature_type": "Line",
            "target": {
                "file": "drivers/target/target_core_pscsi.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-26760-a98bd3e6"
        },
        {
            "digest": {
                "line_hashes": [
                    "79552222918525795527564961066823487355",
                    "308084939290947433208570407222685733795",
                    "3160580842330644235659345761726011992",
                    "9214635164774214897973372011872457272",
                    "123936705339273293745491758927579465572",
                    "237329762265718484275536144664755833026",
                    "263085880376687789486201305292929363955",
                    "24800325815496891214259808126966926493",
                    "140105756475090084601474526292373061107"
                ],
                "threshold": 0.9
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f49b20fd0134da84a6bd8108f9e73c077b7d6231",
            "signature_type": "Line",
            "target": {
                "file": "drivers/target/target_core_pscsi.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-26760-db9e5445"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.19.0

Fixed

6.1.80

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.19

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.7.7