SB2024062679 - Improper locking in Linux kernel target driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-26845)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171
• https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d
• https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf
• https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d
• https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a
• https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb
• https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f
• https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.308
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.211
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.150
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.7
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8