See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2024-24855

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Feb 5, 2024

Updated: Feb 10, 2024

CWE ID 476

CWE ID 362

Summary

CVE-2024-24855 is a newly discovered vulnerability affecting the Linux kernel's scsi device driver. Specifically, a race condition was identified in the lpfc_unregister_fcf_rescan() function. This issue can result in a null pointer dereference, potentially causing a kernel panic or denial of service. The race condition occurs due to improper handling of device registration and deregistration, allowing an attacker to exploit the vulnerability and gain unintended system behavior. The impact of this vulnerability could range from a simple denial of service to more severe consequences, such as system crashes or potential privilege escalation. It is recommended that affected systems be updated as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database