{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-36478","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-21T10:13:16.284Z","datePublished":"2024-06-21T10:18:09.027Z","dateUpdated":"2025-11-03T21:55:17.674Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:11:07.932Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'\n\nWriting 'power' and 'submit_queues' concurrently will trigger kernel\npanic:\n\nTest script:\n\nmodprobe null_blk nr_devices=0\nmkdir -p /sys/kernel/config/nullb/nullb0\nwhile true; do echo 1 > submit_queues; echo 4 > submit_queues; done &\nwhile true; do echo 1 > power; echo 0 > power; done\n\nTest result:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000148\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:__lock_acquire+0x41d/0x28f0\nCall Trace:\n <TASK>\n lock_acquire+0x121/0x450\n down_write+0x5f/0x1d0\n simple_recursive_removal+0x12f/0x5c0\n blk_mq_debugfs_unregister_hctxs+0x7c/0x100\n blk_mq_update_nr_hw_queues+0x4a3/0x720\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_submit_queues_store+0x79/0xf0 [null_blk]\n configfs_write_iter+0x119/0x1e0\n vfs_write+0x326/0x730\n ksys_write+0x74/0x150\n\nThis is because del_gendisk() can concurrent with\nblk_mq_update_nr_hw_queues():\n\nnullb_device_power_store\tnullb_apply_submit_queues\n null_del_dev\n del_gendisk\n\t\t\t\t nullb_update_nr_hw_queues\n\t\t\t\t  if (!dev->nullb)\n\t\t\t\t  // still set while gendisk is deleted\n\t\t\t\t   return 0\n\t\t\t\t  blk_mq_update_nr_hw_queues\n dev->nullb = NULL\n\nFix this problem by resuing the global mutex to protect\nnullb_device_power_store() and nullb_update_nr_hw_queues() from configfs."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/block/null_blk/main.c"],"versions":[{"version":"45919fbfe1c487c17ea1d198534339a5e8abeae3","lessThan":"1d4c8baef435c98e8d5aa7027dc5a9f70834ba16","status":"affected","versionType":"git"},{"version":"45919fbfe1c487c17ea1d198534339a5e8abeae3","lessThan":"aaadb755f2d684f715a6eb85cb7243aa0c67dfa9","status":"affected","versionType":"git"},{"version":"45919fbfe1c487c17ea1d198534339a5e8abeae3","lessThan":"5d0495473ee4c1d041b5a917f10446a22c047f47","status":"affected","versionType":"git"},{"version":"45919fbfe1c487c17ea1d198534339a5e8abeae3","lessThan":"a2db328b0839312c169eb42746ec46fc1ab53ed2","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/block/null_blk/main.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","status":"unaffected","versionType":"semver"},{"version":"6.1.119","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.55","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.4","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.1.119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.6.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.9.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1d4c8baef435c98e8d5aa7027dc5a9f70834ba16"},{"url":"https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9"},{"url":"https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47"},{"url":"https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2"}],"title":"null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:55:17.674Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-36478","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:09:31.490057Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:45.770Z"}}]}}