SB2024040368 - Denial of service in Linux kernel scsi
Published: April 3, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024040368
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-26627)
The vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c
- https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059
- https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c
- https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1
- https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb
- https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8