CVE-2024-53170
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's block layer that occurs when flush requests are not properly cleared from tags during SCSI disk removal. The vulnerability allows attackers with local access to potentially crash the system or execute arbitrary code. It affects Linux systems using SCSI storage with specific kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, leading to complete system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
No impact if proper kernel hardening and access controls prevent local attackers from triggering the condition.
🎯 Exploit Status
Discovered via syzkaller fuzzing; exploitation would require sophisticated local attack to achieve code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 1364a29b71c7837770f1902c49e7a6e234d72c92, 1921fe7d2836f8be1d321cf430d17e0d4e05301b, 3802f73bd80766d70f319658f334754164075bc3, 61092568f2a9acb0e6e186f03f2e0649a4e86d09, a0e93b9fefafe97d596f9c98701ae6c3b04b3ff6
Vendor Advisory: https://git.kernel.org/stable/c/1364a29b71c7837770f1902c49e7a6e234d72c92
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Restrict local access
linuxLimit local user access to systems with vulnerable kernels to reduce attack surface.
Avoid unnecessary SCSI operations
linuxMinimize SCSI disk hot-removal operations that could trigger the vulnerability.
🧯 If You Can't Patch
- Implement strict access controls to prevent local users from executing privileged operations
- Monitor systems for kernel panics or crashes related to block layer operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched commits: uname -r and examine kernel source for the fix commits.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or check with distribution-specific security updates.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports of use-after-free in blk_mq_find_and_get_req
- System crashes during SCSI operations
SIEM Query:
Search for kernel panic events or KASAN error reports in system logs🔗 References
- https://git.kernel.org/stable/c/1364a29b71c7837770f1902c49e7a6e234d72c92
- https://git.kernel.org/stable/c/1921fe7d2836f8be1d321cf430d17e0d4e05301b
- https://git.kernel.org/stable/c/3802f73bd80766d70f319658f334754164075bc3
- https://git.kernel.org/stable/c/61092568f2a9acb0e6e186f03f2e0649a4e86d09
- https://git.kernel.org/stable/c/a0e93b9fefafe97d596f9c98701ae6c3b04b3ff6
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
