PT-2024-35616 · Linux+9 · Linux Kernel+9

Yu Kuai · Published 2024-11-18 · Updated 2025-11-12 · CVE-2024-53170

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6

Description

A use-after-free vulnerability has been identified in the Linux kernel, specifically in the block layer. The issue arises when the blk_mq_clear_flush_rq_mapping() function is not called during the SCSI probe, leading to a situation where the QUEUE_FLAG_INIT_DONE flag is cleared, causing a use-after-free error in the blk_mq_find_and_get_req() function. This vulnerability can be exploited by an attacker to potentially gain elevated privileges or cause a denial-of-service condition.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel version 6.6, ensure that the patch for this issue is applied. If the patch is not available, consider disabling the affected functionality or restricting access to the vulnerable component as a temporary workaround.
Note: The provided information does not include specific guidance on how to apply the patch or update the kernel. It is recommended to follow the standard procedure for updating the Linux kernel on your system.

Exploit

Fix

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025:20518
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_18281
ALSA-2025_19102
ALSA-2025_19103
ALSA-2025_19409
ALSA-2025_20518
ALT-PU-2025-12647
AZL-55715
BDU:2025-04995
CVE-2024-53170
DLA-4076-1
DSA-5860-1
INFSA-2025_20518
OESA-2025-1032
OESA-2025-1036
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7383-1
USN-7383-2
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7451-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu