CVE-2024-46737

nvmet-tcp: fix kernel crash if commands allocation fails

Description

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. nvmet: failed to install queue 0 cntlid 1 ret 6 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Fix the bug by setting queue->nr_cmds to zero in case nvmet_tcp_alloc_cmd() fails.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4 patch
https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683 patch
https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf patch
https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d patch
https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda patch
https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244 patch
https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3 patch

Frequently Asked Questions

What is the severity of CVE-2024-46737?
CVE-2024-46737 has been scored as a medium severity vulnerability.
How to fix CVE-2024-46737?
To fix CVE-2024-46737, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46737 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46737 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46737?
CVE-2024-46737 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.