DEBIAN-CVE-2024-35954

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-35954

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-35954.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-35954

Upstream

CVE-2024-35954

Published

2024-05-20T10:15:10Z

Modified

2025-09-19T06:03:16Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sgremovesfpusercontext() must not use sgdevicedestroy() after calling scsideviceput(). sgdevicedestroy() is accessing the parent scsidevice requestqueue which will already be set to NULL when the preceding call to scsideviceput() removed the last reference to the parent scsidevice. The resulting NULL pointer exception will then crash the kernel.

References

https://security-tracker.debian.org/tracker/CVE-2024-35954

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}