vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-49863): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Oct 21, 2024	Dec 18, 2024	Aug 18, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Oct 21, 2024

Added

Dec 18, 2024

Modified

Aug 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code
from control queue handler") a null pointer dereference bug can be
triggered when guest sends an SCSI AN request.

In vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with
`&v_req.tmf.lun[1]` within a switch-case block and is then passed to
vhost_scsi_get_req() which extracts `vc->req` and `tpg`. However, for
a `VIRTIO_SCSI_T_AN_*` request, tpg is not required, so `vc.target` is
set to NULL in this branch. Later, in vhost_scsi_get_req(),
`vc->target` is dereferenced without being checked, leading to a null
pointer dereference bug. This bug can be triggered from guest.

When this bug occurs, the vhost_worker process is killed while holding
`vq->mutex` and the corresponding tpg will remain occupied
indefinitely.

Below is the KASAN report:
Oops: general protection fault, probably for non-canonical address
0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 PID: 840 Comm: poc Not tainted 6.10.0+ #1
Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS
1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:vhost_scsi_get_req+0x165/0x3a0
Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00
48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 <0f> b6
04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00
RSP: 0018:ffff888017affb50 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8
RBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000
FS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0
Call Trace:
<TASK>
? show_regs+0x86/0xa0
? die_addr+0x4b/0xd0
? exc_general_protection+0x163/0x260
? asm_exc_general_protection+0x27/0x30
? vhost_scsi_get_req+0x165/0x3a0
vhost_scsi_ctl_handle_vq+0x2a4/0xca0
? __pfx_vhost_scsi_ctl_handle_vq+0x10/0x10
? __switch_to+0x721/0xeb0
? __schedule+0xda5/0x5710
? __kasan_check_write+0x14/0x30
? _raw_spin_lock+0x82/0xf0
vhost_scsi_ctl_handle_kick+0x52/0x90
vhost_run_work_list+0x134/0x1b0
vhost_task_fn+0x121/0x350
...
</TASK>
---[ end trace 0000000000000000 ]---

Let's add a check in vhost_scsi_get_req.

[whitespace fixes]

Solutions

ubuntu-upgrade-linux-image-5-15-0-1039-xilinx-zynqmpubuntu-upgrade-linux-image-5-15-0-1056-gkeopubuntu-upgrade-linux-image-5-15-0-1066-ibmubuntu-upgrade-linux-image-5-15-0-1066-raspiubuntu-upgrade-linux-image-5-15-0-1068-nvidiaubuntu-upgrade-linux-image-5-15-0-1068-nvidia-lowlatencyubuntu-upgrade-linux-image-5-15-0-1070-gkeubuntu-upgrade-linux-image-5-15-0-1070-kvmubuntu-upgrade-linux-image-5-15-0-1071-intel-iotgubuntu-upgrade-linux-image-5-15-0-1071-oracleubuntu-upgrade-linux-image-5-15-0-1072-gcpubuntu-upgrade-linux-image-5-15-0-1073-awsubuntu-upgrade-linux-image-5-15-0-1078-azureubuntu-upgrade-linux-image-5-15-0-127-genericubuntu-upgrade-linux-image-5-15-0-127-generic-64kubuntu-upgrade-linux-image-5-15-0-127-generic-lpaeubuntu-upgrade-linux-image-5-15-0-127-lowlatencyubuntu-upgrade-linux-image-5-15-0-127-lowlatency-64kubuntu-upgrade-linux-image-6-11-0-1005-realtimeubuntu-upgrade-linux-image-6-11-0-1008-raspiubuntu-upgrade-linux-image-6-11-0-1009-awsubuntu-upgrade-linux-image-6-11-0-1009-azureubuntu-upgrade-linux-image-6-11-0-1009-azure-fdeubuntu-upgrade-linux-image-6-11-0-1009-gcpubuntu-upgrade-linux-image-6-11-0-1010-lowlatencyubuntu-upgrade-linux-image-6-11-0-1010-lowlatency-64kubuntu-upgrade-linux-image-6-11-0-1011-oracleubuntu-upgrade-linux-image-6-11-0-1011-oracle-64kubuntu-upgrade-linux-image-6-11-0-1015-oemubuntu-upgrade-linux-image-6-11-0-18-genericubuntu-upgrade-linux-image-6-11-0-18-generic-64kubuntu-upgrade-linux-image-6-8-0-1006-gkeopubuntu-upgrade-linux-image-6-8-0-1014-azure-nvidiaubuntu-upgrade-linux-image-6-8-0-1019-gkeubuntu-upgrade-linux-image-6-8-0-1019-raspiubuntu-upgrade-linux-image-6-8-0-1020-oracleubuntu-upgrade-linux-image-6-8-0-1020-oracle-64kubuntu-upgrade-linux-image-6-8-0-1022-ibmubuntu-upgrade-linux-image-6-8-0-1022-nvidiaubuntu-upgrade-linux-image-6-8-0-1022-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1022-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1022-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1023-awsubuntu-upgrade-linux-image-6-8-0-1024-gcpubuntu-upgrade-linux-image-6-8-0-1024-gcp-64kubuntu-upgrade-linux-image-6-8-0-1024-oemubuntu-upgrade-linux-image-6-8-0-1025-azureubuntu-upgrade-linux-image-6-8-0-1025-azure-fdeubuntu-upgrade-linux-image-6-8-0-54-genericubuntu-upgrade-linux-image-6-8-0-54-generic-64kubuntu-upgrade-linux-image-6-8-0-54-lowlatencyubuntu-upgrade-linux-image-6-8-0-54-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-57-genericubuntu-upgrade-linux-image-6-8-0-57-generic-64kubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-lts-22-04ubuntu-upgrade-linux-image-aws-lts-24-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-cvmubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-lts-24-04ubuntu-upgrade-linux-image-azure-lts-22-04ubuntu-upgrade-linux-image-azure-lts-24-04ubuntu-upgrade-linux-image-azure-nvidiaubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-lts-24-04ubuntu-upgrade-linux-image-gcp-lts-22-04ubuntu-upgrade-linux-image-gcp-lts-24-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-20-04ubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-20-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-generic-lpae-hwe-20-04ubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gke-5-15ubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-5-15ubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-intelubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-20-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oem-20-04ubuntu-upgrade-linux-image-oem-20-04bubuntu-upgrade-linux-image-oem-20-04cubuntu-upgrade-linux-image-oem-20-04dubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-24-04bubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-lts-24-04ubuntu-upgrade-linux-image-oracle-lts-22-04ubuntu-upgrade-linux-image-oracle-lts-24-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-nolpaeubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-hwe-24-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-20-04ubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04ubuntu-upgrade-linux-image-xilinx-zynqmp

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today