CVE-2024-35954: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-35954 is a vulnerability in the Linux kernel's SCSI subsystem, specifically in the sg (SCSI generic) driver. The vulnerability was discovered and disclosed on May 20, 2024. It affects Linux kernel versions from 6.4.7 to 6.6.28 and 6.7 to 6.8.7. The issue involves a race condition in the sg device teardown process (NVD).

The vulnerability stems from a race condition in the sgremovesfpusercontext() function where sgdevicedestroy() is called after scsideviceput(). The issue occurs because sgdevicedestroy() attempts to access the parent scsidevice requestqueue which becomes NULL after scsideviceput() removes the last reference to the parent scsidevice. This sequence results in a NULL pointer exception that can crash the kernel. The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a NULL pointer exception that leads to a kernel crash, resulting in a denial of service condition. The impact is limited to local attacks and requires low privileges to execute (NVD).

The vulnerability has been fixed in the Linux kernel through patches that correct the device teardown sequence. The fix involves restructuring the code to ensure proper ordering of operations in sgremovesfp_usercontext(). Updates are available in various Linux distributions, including Ubuntu 24.04 LTS which has released version 6.8.0-38.38 to address this issue (Kernel Patch).