Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2024-26930

Disclosure Date: May 01, 2024 •

CVE-2024-26930 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix double free of the ha->vp_map pointer

Coverity scan reported potential risk of double free of the pointer
ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed
in function qla2x00_mem_free(ha).

Assign NULL to vp_map and kfree take care of NULL.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

linux

Products

linux kernel,
linux kernel 6.9

References

Canonical

CVE-2024-26930 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26930)

Miscellaneous

https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467

https://git.kernel.org/stable/c/b7deb675d674f44e0ddbab87fee8f9f098925e73

https://git.kernel.org/stable/c/825d63164a2e6bacb059a9afb5605425b485413f

https://git.kernel.org/stable/c/e288285d47784fdcf7c81be56df7d65c6f10c58b

Rapid7

Technical Analysis