PT-2024-7889 · Linux+8 · Linux Kernel+8

Published 2024-03-10 · Updated 2025-10-10 · CVE-2024-26931

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.18.0-372.9.1.el8.x86_64

Description

The vulnerability is related to the qla2xxx component in the Linux kernel and can cause a system crash when a command fails to be flushed back to the SCSI layer. This occurs when the driver is under memory stress and unable to allocate an SRB to carry out error recovery after a cable pull, leading to a NULL pointer dereference. The issue can be exploited to cause a denial of service.

Recommendations

To resolve the issue, update the Linux kernel to a version that includes the fix "scsi: qla2xxx: Fix command flush on cable pull". Specifically, update to a version later than 4.18.0-372.9.1.el8.x86_64.

Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

ALSA-2024:6997
ALSA-2025_16880
BDU:2024-09393
CESA-2024_5101
CVE-2024-26931
DLA-3840-1
DLA-3842-1
DSA-5681-1
INFSA-2024_6997
RHSA-2024:4823
RHSA-2024:4831
RHSA-2024:5101
RHSA-2024:6997
RHSA-2024_5101
RHSA-2024_6997
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
SUSE-SU-2025:0834-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025_0834-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu