CVE-2024-35954

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35954
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35954.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35954
Downstream
Related
Published
2024-05-20T09:41:47Z
Modified
2025-10-15T10:58:36.822417Z
Summary
scsi: sg: Avoid sg device teardown race
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: sg: Avoid sg device teardown race

sgremovesfpusercontext() must not use sgdevicedestroy() after calling scsidevice_put().

sgdevicedestroy() is accessing the parent scsidevice requestqueue which will already be set to NULL when the preceding call to scsideviceput() removed the last reference to the parent scsi_device.

The resulting NULL pointer exception will then crash the kernel.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
db59133e927916d8a25ee1fd8264f2808040909d
Fixed
46af9047523e2517712ae8e71d984286c626e022
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
db59133e927916d8a25ee1fd8264f2808040909d
Fixed
b0d1ebcc1a9560e494ea9b3ee808540db26c5086
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
db59133e927916d8a25ee1fd8264f2808040909d
Fixed
27f58c04a8f438078583041468ec60597841284d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4cc664e59bf2553771e4c9e90f758f7434cfdc22

Affected versions

v5.*

v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.3
v5.10.4
v5.10.5
v5.10.6
v5.10.7
v5.10.8
v5.10.9
v5.11.1
v5.11.10
v5.11.11
v5.11.12
v5.11.13
v5.11.14
v5.11.15
v5.11.16
v5.11.17
v5.11.18
v5.11.19
v5.11.2
v5.11.20
v5.11.21
v5.11.3
v5.11.4
v5.11.5
v5.11.6
v5.11.7
v5.11.8
v5.11.9
v5.12.1
v5.12.10
v5.12.11
v5.12.12
v5.12.13
v5.12.14
v5.12.15
v5.12.16
v5.12.17
v5.12.18
v5.12.19
v5.12.2
v5.12.3
v5.12.4
v5.12.5
v5.12.6
v5.12.7
v5.12.8
v5.12.9
v5.13.1
v5.13.10
v5.13.11
v5.13.12
v5.13.13
v5.13.14
v5.13.15
v5.13.16
v5.13.17
v5.13.18
v5.13.2
v5.13.3
v5.13.4
v5.13.5
v5.13.6
v5.13.7
v5.13.8
v5.13.9
v5.14.1
v5.14.10
v5.14.11
v5.14.12
v5.14.13
v5.14.14
v5.14.15
v5.14.16
v5.14.17
v5.14.18
v5.14.19
v5.14.2
v5.14.20
v5.14.3
v5.14.4
v5.14.5
v5.14.6
v5.14.7
v5.14.8
v5.14.9
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.19
v5.16.2
v5.16.20
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.14
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.15
v5.18.16
v5.18.17
v5.18.18
v5.18.19
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19.1
v5.19.10
v5.19.11
v5.19.12
v5.19.13
v5.19.14
v5.19.15
v5.19.16
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8
v5.19.9
v5.6.1
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.16
v5.6.17
v5.6.18
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.7.1
v5.7.10
v5.7.11
v5.7.12
v5.7.13
v5.7.14
v5.7.15
v5.7.16
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.7.8
v5.7.9
v5.8.1
v5.8.10
v5.8.11
v5.8.12
v5.8.13
v5.8.14
v5.8.15
v5.8.16
v5.8.17
v5.8.18
v5.8.2
v5.8.3
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.8.8
v5.8.9
v5.9.1
v5.9.10
v5.9.11
v5.9.12
v5.9.13
v5.9.14
v5.9.15
v5.9.16
v5.9.2
v5.9.3
v5.9.4
v5.9.5
v5.9.6
v5.9.7
v5.9.8
v5.9.9

v6.*

v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.17
v6.0.18
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.10
v6.10.11
v6.10.12
v6.10.13
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.10
v6.11.11
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.11.6
v6.11.7
v6.11.8
v6.11.9
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.10
v6.13.11
v6.13.12
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.13.9
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.10
v6.14.11
v6.14.2
v6.14.3
v6.14.4
v6.14.5
v6.14.6
v6.14.7
v6.14.8
v6.14.9
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.10
v6.15.11
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.15.6
v6.15.7
v6.15.8
v6.15.9
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.10
v6.16.11
v6.16.12
v6.16.2
v6.16.3
v6.16.4
v6.16.5
v6.16.6
v6.16.7
v6.16.8
v6.16.9
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.2.1
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.2.15
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3.1
v6.3.10
v6.3.11
v6.3.12
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.3.7
v6.3.8
v6.3.9
v6.4
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.4.10
v6.4.11
v6.4.12
v6.4.13
v6.4.14
v6.4.15
v6.4.16
v6.4.7
v6.4.8
v6.4.9
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.10
v6.5.11
v6.5.12
v6.5.13
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.5.7
v6.5.8
v6.5.9
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.11
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.10
v6.9.11
v6.9.12
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
v6.9.8
v6.9.9

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 902.0,
                "function_hash": "93041963892864267376507955379659494309"
            },
            "target": {
                "function": "sg_remove_sfp_usercontext",
                "file": "drivers/scsi/sg.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0d1ebcc1a9560e494ea9b3ee808540db26c5086",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-35954-021d57be"
        },
        {
            "digest": {
                "length": 902.0,
                "function_hash": "93041963892864267376507955379659494309"
            },
            "target": {
                "function": "sg_remove_sfp_usercontext",
                "file": "drivers/scsi/sg.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@27f58c04a8f438078583041468ec60597841284d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-35954-15dfec23"
        },
        {
            "digest": {
                "length": 902.0,
                "function_hash": "93041963892864267376507955379659494309"
            },
            "target": {
                "function": "sg_remove_sfp_usercontext",
                "file": "drivers/scsi/sg.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46af9047523e2517712ae8e71d984286c626e022",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-35954-331c25b8"
        },
        {
            "digest": {
                "line_hashes": [
                    "145537013495947612375378247592753457561",
                    "13557752983133269548375418634335156159",
                    "27646978872938459708983584540224798470",
                    "316835235258385083355150090826857041708",
                    "191812292215513046967995430404577111269",
                    "173433213063119431435056505685353744315",
                    "251629853924630427350526365264654746320",
                    "69439444062648953689794667635780052495",
                    "213987910898629743795759742475931576905"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/scsi/sg.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@46af9047523e2517712ae8e71d984286c626e022",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-35954-4eb0d1ff"
        },
        {
            "digest": {
                "line_hashes": [
                    "145537013495947612375378247592753457561",
                    "13557752983133269548375418634335156159",
                    "27646978872938459708983584540224798470",
                    "316835235258385083355150090826857041708",
                    "191812292215513046967995430404577111269",
                    "173433213063119431435056505685353744315",
                    "251629853924630427350526365264654746320",
                    "69439444062648953689794667635780052495",
                    "213987910898629743795759742475931576905"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/scsi/sg.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0d1ebcc1a9560e494ea9b3ee808540db26c5086",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-35954-6516d46d"
        },
        {
            "digest": {
                "line_hashes": [
                    "145537013495947612375378247592753457561",
                    "13557752983133269548375418634335156159",
                    "27646978872938459708983584540224798470",
                    "316835235258385083355150090826857041708",
                    "191812292215513046967995430404577111269",
                    "173433213063119431435056505685353744315",
                    "251629853924630427350526365264654746320",
                    "69439444062648953689794667635780052495",
                    "213987910898629743795759742475931576905"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/scsi/sg.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@27f58c04a8f438078583041468ec60597841284d",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-35954-860a4f06"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.28
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.7