{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42152", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.193Z", "datePublished": "2024-07-30T07:46:44.795Z", "dateUpdated": "2025-06-19T12:56:36.697Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-19T12:56:36.697Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl->sqs and sq->ctrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq->ctrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq->ctrl after all inflight request has\ncompleted, where for sure sq->ctrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/target/core.c"], "versions": [{"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "2f3c22b1d3d7e86712253244797a651998c141fa", "status": "affected", "versionType": "git"}, {"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5", "status": "affected", "versionType": "git"}, {"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "940a71f08ef153ef807f751310b0648d1fa5d0da", "status": "affected", "versionType": "git"}, {"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "5502c1f1d0d7472706cc1f201aecf1c935d302d1", "status": "affected", "versionType": "git"}, {"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "818004f2a380420c19872171be716174d4985e33", "status": "affected", "versionType": "git"}, {"version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/target/core.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.10.222"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "5.15.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.1.98"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.6.39"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.9.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"}, {"url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"}, {"url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"}, {"url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"}, {"url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"}, {"url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"}], "title": "nvmet: fix a possible leak when destroy a ctrl during qp establishment", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.370Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:15:21.603444Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:34.451Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.370Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:15:21.603444Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.537Z"}}], "cna": {"title": "nvmet: fix a possible leak when destroy a ctrl during qp establishment", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "2f3c22b1d3d7e86712253244797a651998c141fa", "versionType": "git"}, {"status": "affected", "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5", "versionType": "git"}, {"status": "affected", "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "940a71f08ef153ef807f751310b0648d1fa5d0da", "versionType": "git"}, {"status": "affected", "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "5502c1f1d0d7472706cc1f201aecf1c935d302d1", "versionType": "git"}, {"status": "affected", "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "818004f2a380420c19872171be716174d4985e33", "versionType": "git"}, {"status": "affected", "version": "0f5be6a4ff7b3f8bf3db15f904e3e76797a43d9a", "lessThan": "c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4", "versionType": "git"}], "programFiles": ["drivers/nvme/target/core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.6"}, {"status": "unaffected", "version": "0", "lessThan": "5.6", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.222", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/nvme/target/core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"}, {"url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"}, {"url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"}, {"url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"}, {"url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"}, {"url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl->sqs and sq->ctrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq->ctrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq->ctrl after all inflight request has\ncompleted, where for sure sq->ctrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.222", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.98", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.39", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.9", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "5.6"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-19T12:56:36.697Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42152", "state": "PUBLISHED", "dateUpdated": "2025-06-19T12:56:36.697Z", "dateReserved": "2024-07-29T15:50:41.193Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:44.795Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A024C9F-1F70-4EB4-B7D0-432011590CAB", "versionEndExcluding": "5.10.222", "versionStartIncluding": "4.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97DEB09-4927-40F8-B5C6-F5BD5EAE0CFD", "versionEndExcluding": "5.15.163", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E09E92A5-27EF-40E4-926A-B1CDC8270551", "versionEndExcluding": "6.1.98", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970", "versionEndExcluding": "6.6.39", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\n\nIn nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl->sqs and sq->ctrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\n\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq->ctrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\n\nSolve this by re-capturing the sq->ctrl after all inflight request has\ncompleted, where for sure sq->ctrl reference is final, and move forward\nbased on that.\n\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet: corrige una posible fuga al destruir un ctrl durante el establecimiento de qp En nvmet_sq_destroy capturamos sq->ctrl temprano y si no es NULL sabemos que se asign\u00f3 un ctrl (en el controlador de solicitudes de conexi\u00f3n de administrador) y necesitamos liberar los AER pendientes, borrar ctrl->sqs y sq->ctrl (principalmente para nvme-loop) y eliminar la referencia final en ctrl. Sin embargo, es posible una peque\u00f1a ventana donde se inicia nvmet_sq_destroy (como resultado de que el cliente se rinde y se desconecta) al mismo tiempo que el cmd de conexi\u00f3n del administrador de nvme (que puede estar en una etapa inicial). Pero *antes* de kill_and_confirm de sq->ref (es decir, la conexi\u00f3n del administrador logr\u00f3 obtener una referencia en vivo de sq). En este caso, se asign\u00f3 sq->ctrl sin embargo despu\u00e9s de ser capturado en una variable local en nvmet_sq_destroy. Esto evit\u00f3 la ca\u00edda de la referencia final en Ctrl. Resuelva esto volviendo a capturar sq->ctrl despu\u00e9s de que se hayan completado todas las solicitudes en curso, donde con seguridad la referencia sq->ctrl es definitiva, y avance en funci\u00f3n de eso. Este problema se observ\u00f3 en un entorno con muchos hosts que conectaban m\u00faltiples controles simult\u00e1neamente, lo que creaba un retraso en la asignaci\u00f3n de un control que conduc\u00eda a esta ventana de ejecuci\u00f3n."}], "id": "CVE-2024-42152", "lastModified": "2024-11-21T09:33:42.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:06.763", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:8613", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.90.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-30T00:00:00Z"}, {"advisory": "RHSA-2024:8614", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.90.1.rt14.375.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-30T00:00:00Z"}], "bugzilla": {"description": "kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment", "id": "2301519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301519"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-404", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnvmet: fix a possible leak when destroy a ctrl during qp establishment\nIn nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we\nknow that a ctrl was allocated (in the admin connect request handler)\nand we need to release pending AERs, clear ctrl->sqs and sq->ctrl\n(for nvme-loop primarily), and drop the final reference on the ctrl.\nHowever, a small window is possible where nvmet_sq_destroy starts (as\na result of the client giving up and disconnecting) concurrently with\nthe nvme admin connect cmd (which may be in an early stage). But *before*\nkill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq\nlive reference). In this case, sq->ctrl was allocated however after it was\ncaptured in a local variable in nvmet_sq_destroy.\nThis prevented the final reference drop on the ctrl.\nSolve this by re-capturing the sq->ctrl after all inflight request has\ncompleted, where for sure sq->ctrl reference is final, and move forward\nbased on that.\nThis issue was observed in an environment with many hosts connecting\nmultiple ctrls simoutanuosly, creating a delay in allocating a ctrl\nleading up to this race window.", "A vulnerability was found in the Linux kernel's nvme driver. A lack of proper checks can lead to a race condition during the destruction of a queue pair when a controller is being established. This issue can lead to system instability or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42152", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42152\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42152\nhttps://lore.kernel.org/linux-cve-announce/2024073034-CVE-2024-42152-c248@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-404: Improper Resource Shutdown or Release vulnerability and downgrades the severity of this particular CVE from Moderate to Low.\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface and mitigates the risk of resource exhaustion from data leaks. \nThe environment incorporates malicious code protections such as IDS/IPS and antimalware solutions to detect threats and provide real-time visibility into resource usage, reducing the likelihood of resource leaks that could cause system instability. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, supporting the detection of abnormal resource usage patterns. Static code analysis and peer reviews enforce strong input validation and error handling to minimize the risk of denial-of-service (DoS) attacks. Lastly, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) strengthen resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

{}