Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-45013
HistorySep 11, 2024 - 3:13 p.m.

CVE-2024-45013 nvme: move stopping keep-alive into nvme_uninit_ctrl()

2024-09-1115:13:50
Linux
www.cve.org
2
linux kernel
vulnerability
cve-2024-45013
nvme
keep-alive
nvme_uninit_ctrl
kernel panic
connection failure

EPSS

0

Percentile

9.6%

JSON

In the Linux kernel, the following vulnerability has been resolved:

nvme: move stopping keep-alive into nvme_uninit_ctrl()

Commit 4733b65d82bd (“nvme: start keep-alive after admin queue setup”)
moves starting keep-alive from nvme_start_ctrl() into
nvme_init_ctrl_finish(), but don’t move stopping keep-alive into
nvme_uninit_ctrl(), so keep-alive work can be started and keep pending
after failing to start controller, finally use-after-free is triggered if
nvme host driver is unloaded.

This patch fixes kernel panic when running nvme/004 in case that connection
failure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().

This way is reasonable because keep-alive is now started in
nvme_init_ctrl_finish().

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/nvme/host/core.c"
    ],
    "versions": [
      {
        "version": "3af755a46881",
        "lessThan": "4101af98ab57",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3af755a46881",
        "lessThan": "a54a93d0e359",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/nvme/host/core.c"
    ],
    "versions": [
      {
        "version": "6.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.7",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.7",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

nvd 1
cve 1
osv 1
debiancve 1
nvd
nvd
CVE-2024-45013
2024-09-11 16:15:06
cve
cve
CVE-2024-45013
2024-09-11 16:15:06
osv
osv
CVE-2024-45013
2024-09-11 16:15:06
debiancve
debiancve
CVE-2024-45013
2024-09-11 16:15:06

EPSS

0

Percentile

9.6%

JSON
Related for CVELIST:CVE-2024-45013
nvd1cve1osv1debiancve1