CVE-2024-26846

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a double free error in the nvme-fc component of the Linux kernel. The module exit path has a race between deleting all controllers and freeing 'left over IDs'. To prevent double free, a synchronization between nvme delete ctrl and ida destroy has been added. There is some logic to prevent hanging forever in wait for completion, though it does not handle all cases. For example, blktests can reproduce the situation where the module unload hangs forever. The cleanup code executed from the nvme delete ctrl path can free all IDs eventually, making ida destroy unnecessary. The fix involves flushing the nvme delete wq workqueue to ensure all nvme delete ctrl code is executed before leaving nvme fc exit module. The unused nvme fc wq workqueue is also removed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.