CVE-2024-46843

scsi: ufs: core: Remove SCSI host only if added

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed patch
https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536 patch
https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc patch

Frequently Asked Questions

What is the severity of CVE-2024-46843?
CVE-2024-46843 has been scored as a medium severity vulnerability.
How to fix CVE-2024-46843?
To fix CVE-2024-46843, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46843 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46843 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46843?
CVE-2024-46843 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.