CVE-2024-56764

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56764

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56764.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-56764

Downstream

BELL-CVE-2024-56764

DEBIAN-CVE-2024-56764

UBUNTU-CVE-2024-56764

USN-7379-1

USN-7381-1

USN-7382-1

USN-7513-1

USN-7513-2

USN-7513-3

USN-7513-4

USN-7513-5

USN-7514-1

USN-7515-1

USN-7515-2

USN-7522-1

USN-7523-1

USN-7524-1

Related

Published

2025-01-06T17:15:42Z

Modified

2025-08-09T20:01:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ublk: detach gendisk from ublk device if add_disk() fails

Inside ublkabortrequests(), gendisk is grabbed for aborting all inflight requests. And ublkabortrequests() is called when exiting the uring context or handling timeout.

If adddisk() fails, the gendisk may have been freed when calling ublkabortrequests(), so use-after-free can be caused when getting disk's reference in ublkabort_requests().

Fixes the bug by detaching gendisk from ublk device if add_disk() fails.

References

Affected packages