CVE-2024-56764

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56764
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56764.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56764
Downstream
Related
Published
2025-01-06T17:15:42Z
Modified
2025-08-09T20:01:27Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ublk: detach gendisk from ublk device if add_disk() fails

Inside ublk_abort_requests(), gendisk is grabbed for aborting all inflight requests. And ublk_abort_requests() is called when exiting the uring context or handling timeout.

If add_disk() fails, the gendisk may have been freed when calling ublk_abort_requests(), so use-after-free can be caused when getting disk's reference in ublk_abort_requests().

Fixes the bug by detaching gendisk from ublk device if add_disk() fails.

References

Affected packages