How severe is CVE-2024-26846?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2024-26846?

This is classified as CWE-415, which is a common weakness in software security.

CVE-2024-26846 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has been added by the initial commit. There is some logic around trying to prevent from hanging forever in wait_for_completion, though it does not handling all cases. E.g. blktests is able to reproduce the situation where the module unload hangs forever. If we completely rely on the cleanup code executed from the nvme_delete_ctrl path, all IDs will be freed eventually. This makes calling ida_destroy unnecessary. We only have to ensure that all nvme_delete_ctrl code has been executed before we leave nvme_fc_exit_module. This is done by flushing the nvme_delete_wq workqueue. While at it, remove the unused nvme_fc_wq workqueue too.

Related Vulnerabilities

CVE-2023-7256

MEDIUM

CVSS:4.4(Medium)

In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the ...

CWE-4152023

CVE-2024-42123

MEDIUM

CVSS:4.4(Medium)

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix double free err_addr pointer warnings In amdgpu_umc_bad_page_polling_timeout, the amdgpu_umc_handle_bad_pages will b...

CWE-4152024

CVE-2019-15212

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.

CWE-4152019

CVE-2023-26545

MEDIUM

CVSS:4.7(Medium)

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

CWE-4152023

CVE-2024-26652

MEDIUM

CVSS:4.1(Medium)

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_de...

CWE-4152024

CVE-2021-25477

MEDIUM

CVSS:4.9(Medium)

An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.

CWE-4152021