Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-26845
HistoryApr 17, 2024 - 12:00 a.m.

CVE-2024-26845

2024-04-1700:00:00
ubuntu.com
ubuntu.com
5
linux kernel
vulnerability
scsi target
handling issue
fixed

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

In the Linux kernel, the following vulnerability has been resolved: scsi:
target: core: Add TMF to tmr_list handling An abort that is responded to by
iSCSI itself is added to tmr_list but does not go to target core. A
LUN_RESET that goes through tmr_list takes a refcounter on the abort and
waits for completion. However, the abort will be never complete because it
was not started in target core. Unable to locate ITT: 0x05000000 on CID: 0
Unable to locate RefTaskTag: 0x05000000 on CID: 0. wait_for_tasks: Stopping
tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state
ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop wait for
tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state
ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop …
INFO: task kworker/0:2:49 blocked for more than 491 seconds.
task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800
Workqueue: events target_tmr_work [target_core_mod] Call Trace:
__switch_to+0x2c4/0x470 _schedule+0x314/0x1730 schedule+0x64/0x130
schedule_timeout+0x168/0x430 wait_for_completion+0x140/0x270
target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]
core_tmr_lun_reset+0x30/0xa0 [target_core_mod] target_tmr_work+0xc8/0x1b0
[target_core_mod] process_one_work+0x2d4/0x5d0 worker_thread+0x78/0x6c0 To
fix this, only add abort to tmr_list if it will be handled by target core.

References

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%