Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2024-26845

Disclosure Date: April 17, 2024 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Add TMF to tmr_list handling

An abort that is responded to by iSCSI itself is added to tmr_list but does
not go to target core. A LUN_RESET that goes through tmr_list takes a
refcounter on the abort and waits for completion. However, the abort will
be never complete because it was not started in target core.

Unable to locate ITT: 0x05000000 on CID: 0
Unable to locate RefTaskTag: 0x05000000 on CID: 0.
wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop
wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop
…
INFO: task kworker/0:2:49 blocked for more than 491 seconds.
task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800
Workqueue: events target_tmr_work [target_core_mod]
Call Trace:
__switch_to+0x2c4/0x470
_schedule+0x314/0x1730
schedule+0x64/0x130
schedule_timeout+0x168/0x430
wait_for_completion+0x140/0x270
target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]
core_tmr_lun_reset+0x30/0xa0 [target_core_mod]
target_tmr_work+0xc8/0x1b0 [target_core_mod]
process_one_work+0x2d4/0x5d0
worker_thread+0x78/0x6c0

To fix this, only add abort to tmr_list if it will be handled by target
core.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-26845 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26845)

Miscellaneous

https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171

https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d

https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf

https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d

https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a

https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb

https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f

https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Rapid7

Technical Analysis