Summary:
In the Linux kernel, the following vulnerability has been resolved:

ublk: detach gendisk from ublk device if add_disk() fails

Inside ublk_abort_requests(), gendisk is grabbed for aborting all inflight requests. And ublk_abort_requests() is called when exiting the uring context or handling timeout.

If add_disk() fails, the gendisk may have been freed when calling ublk_abort_requests(), so use-after-free can be caused when getting disk's reference in ublk_abort_requests().

Fixes the bug by detaching gendisk from ublk device if add_disk() fails.

Severity: Low
Advisory ID: KylinSec-SA-2025-1007
Release date: January 15, 2025
Related CVE: CVE-2024-56764
CVE | Product | Component | Affected status |
---|---|---|---|
CVE-2024-56764 | KY3.4-5 | kernel | Unaffected |
CVE-2024-56764 | KY3.5.3 | kernel | Unaffected |
CVE-2024-56764 | V6 | kernel | Unaffected |
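
The dangling-pointer pattern described in the summary, and the effect of detaching on failure, modelled in user-space C. This is an added example, not kernel code or code from the advisory: `struct disk`, `struct dev`, `start_dev()`, `abort_requests()` and the always-failing add step are hypothetical stand-ins, and the model is single-threaded and ignores locking.

```c
/* User-space model of the pattern in CVE-2024-56764 (constructed, not kernel code). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct disk { int refs; bool freed; };   /* stand-in for gendisk */
struct dev  { struct disk *disk; };      /* stand-in for the ublk device */

/* Static storage, so the model can inspect a "freed" disk without real UB. */
static struct disk pool;

static void put_disk(struct disk *d) { if (--d->refs == 0) d->freed = true; }

/* Start path: attach the disk, then the add step fails and the disk is released.
 * detach_on_failure selects the fixed (true) or the vulnerable (false) behaviour. */
static int start_dev(struct dev *ub, bool detach_on_failure)
{
    pool = (struct disk){ .refs = 1, .freed = false };
    ub->disk = &pool;
    int ret = -1;                 /* assumption: the add step always fails here */
    if (ret) {
        if (detach_on_failure)
            ub->disk = NULL;      /* the fix: device no longer points at the disk */
        put_disk(&pool);          /* last reference dropped, disk is gone */
    }
    return ret;
}

/* Abort path: grab a disk reference before aborting inflight requests.
 * Returns 1 if it reached a freed disk (the use-after-free), 0 otherwise. */
static int abort_requests(struct dev *ub)
{
    struct disk *d = ub->disk;
    if (!d)
        return 0;                 /* detached: nothing to grab */
    if (d->freed)
        return 1;                 /* stale pointer reached a freed disk */
    d->refs++;                    /* ... abort inflight requests here ... */
    put_disk(d);
    return 0;
}

int main(void)
{
    struct dev ub = { 0 };
    start_dev(&ub, false);
    printf("without detach: stale access = %d\n", abort_requests(&ub));
    start_dev(&ub, true);
    printf("with detach:    stale access = %d\n", abort_requests(&ub));
    return 0;
}
```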