CVE-2024-46843

MEDIUM EPSS 14.0%
Published Sep 27, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 27, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel* <6.6.51
linuxlinux_kernel*≥6.7  –  <6.10.10

References 3

  • git.kernel.org https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc
    Patch