CVE-2024-46737: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46737 is a vulnerability in the Linux kernel's NVMe over TCP target driver that was discovered and disclosed in September 2024. The vulnerability affects Linux kernel versions from 5.0 up to versions before 5.4.284, 5.10.226, 5.15.167, 6.1.110, 6.6.51, and 6.10.10. This issue occurs in the nvmet-tcp subsystem when commands allocation fails, leading to a potential kernel crash (NVD).

The vulnerability is caused by a NULL pointer dereference in the nvmettcpreleasequeuework() function when commands allocation fails in nvmettcpalloc_cmds(). The issue stems from not properly handling the failure case of command allocation, which results in a kernel crash at virtual address 0x0000000000000008. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access required with low attack complexity (NVD).

When exploited, this vulnerability can cause a kernel crash, leading to a denial of service condition on affected systems. The impact is limited to availability (A:H in CVSS score) with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability has been fixed by setting queue->nrcmds to zero in case nvmettcpalloccmd() fails. The fix has been implemented in various Linux kernel versions and is available through distribution-specific updates. Multiple Linux distributions have released patches, including Ubuntu, which has fixed versions available for 24.04 LTS (6.8.0-50.51), 22.04 LTS (5.15.0-125.135), and 20.04 LTS (5.4.0-200.220) (Ubuntu).