{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26845","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.182Z","datePublished":"2024-04-17T10:10:09.337Z","dateUpdated":"2026-05-11T20:05:15.296Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:05:15.296Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2     state:D stack:    0 pid:   49 ppid:     2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/target/target_core_device.c","drivers/target/target_core_transport.c"],"versions":[{"version":"2281c95fe751325874d135b237ecdcd3bc34cc26","lessThan":"11f3fe5001ed05721e641f0ecaa7a73b7deb245d","status":"affected","versionType":"git"},{"version":"2281c95fe751325874d135b237ecdcd3bc34cc26","lessThan":"168ed59170de1fd7274080fe102216162d6826cf","status":"affected","versionType":"git"},{"version":"2281c95fe751325874d135b237ecdcd3bc34cc26","lessThan":"a9849b67b4402a12eb35eadc9306c1ef9847d53d","status":"affected","versionType":"git"},{"version":"2281c95fe751325874d135b237ecdcd3bc34cc26","lessThan":"e717bd412001495f17400bfc09f606f1b594ef5a","status":"affected","versionType":"git"},{"version":"2281c95fe751325874d135b237ecdcd3bc34cc26","lessThan":"36bc5040c863b44af06094b22f1e50059227b9cb","status":"affected","versionType":"git"},{"version":"2281c95fe751325874d135b237ecdcd3bc34cc26","lessThan":"bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f","status":"affected","versionType":"git"},{"version":"2281c95fe751325874d135b237ecdcd3bc34cc26","lessThan":"83ab68168a3d990d5ff39ab030ad5754cbbccb25","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/target/target_core_device.c","drivers/target/target_core_transport.c"],"versions":[{"version":"5.1","status":"affected"},{"version":"0","lessThan":"5.1","status":"unaffected","versionType":"semver"},{"version":"5.4.270","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.211","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.150","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.80","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.19","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.7","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.4.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.10.211"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.15.150"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.1.80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.6.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.7.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"},{"url":"https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"},{"url":"https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"},{"url":"https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"},{"url":"https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"},{"url":"https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"},{"url":"https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"}],"title":"scsi: target: core: Add TMF to tmr_list handling","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26845","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-28T19:57:59.068880Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:48:22.368Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:13.663Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]}]},"dataVersion":"5.2"}