PT-2024-7295 · Linux+10 · Linux Kernel+10

Published

2024-02-01

·

Updated

2026-03-14

·

CVE-2024-26769

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to a deadlock in the nvmet-fc component of the Linux kernel. When deleting an association, the shutdown path is deadlocking because it tries to flush the nvmet wq nested. This can be avoided by deferring the put work into its own work item. The vulnerability is associated with incorrect locking in functions such as nvmet fc tgt a get(), nvmet fc finish ls req(), and nvmet fc register targetport() in drivers/nvme/target/fc.c. Exploitation of this vulnerability may allow an attacker to cause a denial of service.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2024:7000
ALSA-2024:7001
ALSA-2025_16880
BDU:2024-08649
CESA-2024_7000
CESA-2024_7001
CVE-2024-26769
DSA-5658-1
INFSA-2024_7000
INFSA-2024_7001
OPENSUSE-SU-2024_1490-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024_7000
RHSA-2024_7001
RLSA-2024:7001
SUSE-SU-2024:1490-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6892-1
USN-6919-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu