CVE-2024-56764

HIGH 7.8

ublk: detach gendisk from ublk device if add_disk() fails

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all inflight requests. And ublk_abort_requests() is called when exiting the uring context or handling timeout. If add_disk() fails, the gendisk may have been freed when calling ublk_abort_requests(), so use-after-free can be caused when getting disk's reference in ublk_abort_requests(). Fixes the bug by detaching gendisk from ublk device if add_disk() fails.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jan 6, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

bd23f6c2c2d00518e2f27f2d25cef795de9bee56 < 7d680f2f76a3417fdfc3946da7471e81464f7b41 bd23f6c2c2d00518e2f27f2d25cef795de9bee56 < 75cd4005da5492129917a4a4ee45e81660556104

Linux / Linux

6.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/7d680f2f76a3417fdfc3946da7471e81464f7b41 git.kernel.org: https://git.kernel.org/stable/c/75cd4005da5492129917a4a4ee45e81660556104