CVE-2024-49863: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49863 is a null pointer dereference vulnerability discovered in the Linux kernel's vhost/scsi subsystem. The issue was introduced by commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from control queue handler") and affects Linux kernel versions from 4.20 through 6.10.14. The vulnerability exists in the vhostscsiget_req() function where a null pointer dereference can occur when a guest sends an SCSI AN request (Kernel Git).

The vulnerability occurs in the vhostscsictlhandlevq() function where vc.target is assigned with &v_req.tmf.lun[1] within a switch-case block and passed to vhostscsigetreq() which extracts vc->req and tpg. For VIRTIOSCSITAN* requests, tpg is not required, so vc.target is set to NULL. However, vhostscsigetreq() dereferences vc->target without proper null checking. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause the vhost_worker process to be killed while holding vq->mutex, resulting in the corresponding tpg remaining occupied indefinitely. This leads to a denial of service condition affecting the system's SCSI subsystem functionality (Kernel Git).

The vulnerability has been fixed by adding a proper null pointer check in the vhostscsiget_req() function. System administrators should update to patched kernel versions. The fix has been backported to multiple stable kernel branches including 5.15.x, 6.1.x, and 6.6.x (NVD).