7.8
CVE-2024-54458
- EPSS 0.21%
- Veröffentlicht 27.02.2025 03:15:10
- Zuletzt bearbeitet 03.11.2025 20:16:43
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
scsi: ufs: bsg: Set bsg_queue to NULL after removal
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 6.1.129
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.79
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.16
Linux ≫ Linux Kernel Version >= 6.13 < 6.13.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.117 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/1e95c798d8a7f70965f0f88d4657b682ff0ec75f
https://git.kernel.org/stable/c/5e7b6e44468c3242c21c2a8656d009fb3eb50a73
https://git.kernel.org/stable/c/5f782d4741bf558def60df192b858b0efc6a5f0a
https://git.kernel.org/stable/c/88a01e9c9ad40c075756ba93b47984461d4ff15d
https://git.kernel.org/stable/c/9193bdc170cc23fe98aca71d1a63c0bf6e1e853b
https://git.kernel.org/stable/c/22018622e1e9e371198dbd983af946a844d5924c
https://git.kernel.org/stable/c/bb4783c670180b922267222408e1c48d22dfbb46
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html