CVE-2024-26845: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to tmr_list handling An abort that is responded to by iSCSI itself is added to tmr_list but does not go to target core. A LUN_RESET that goes through tmr_list takes a refcounter on the abort and waits for completion. However, the abort will be never complete because it was not started in target core. Unable to locate ITT: 0x05000000 on CID: 0 Unable to locate RefTaskTag: 0x05000000 on CID: 0. wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop ... INFO: task kworker/0:2:49 blocked for more than 491 seconds. task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800 Workqueue: events target_tmr_work [target_core_mod] Call Trace: __switch_to+0x2c4/0x470 _schedule+0x314/0x1730 schedule+0x64/0x130 schedule_timeout+0x168/0x430 wait_for_completion+0x140/0x270 target_put_cmd_and_wait+0x64/0xb0 [target_core_mod] core_tmr_lun_reset+0x30/0xa0 [target_core_mod] target_tmr_work+0xc8/0x1b0 [target_core_mod] process_one_work+0x2d4/0x5d0 worker_thread+0x78/0x6c0 To fix this, only add abort to tmr_list if it will be handled by target core.
AI Analysis
Technical Summary
CVE-2024-26845 is a vulnerability in the Linux kernel's SCSI target core subsystem, specifically related to the handling of Task Management Functions (TMF) in the tmr_list. The issue arises because abort commands that are responded to by the iSCSI layer itself are added to the tmr_list but are not properly forwarded to the target core. When a LUN_RESET TMF is processed through the tmr_list, it takes a reference counter on the abort and waits for its completion. However, since the abort was never initiated in the target core, it never completes, causing the waiting process to hang indefinitely. This results in kernel worker threads being blocked for extended periods, as evidenced by logs showing tasks stuck for hundreds of seconds. The root cause is that aborts are added to the tmr_list without ensuring they will be handled by the target core, leading to a deadlock scenario. The fix involves modifying the kernel code to add aborts to the tmr_list only if they will be processed by the target core, preventing indefinite blocking. This vulnerability affects Linux kernel versions identified by the given commit hashes, and it impacts systems using the SCSI target functionality, particularly those leveraging iSCSI for storage networking. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-26845 can be significant, especially for enterprises and data centers relying on Linux-based storage servers or SAN (Storage Area Network) infrastructure using iSCSI targets. The vulnerability can cause kernel worker threads to become indefinitely blocked, leading to degraded system performance, potential denial of service (DoS), and disruption of storage operations. This can affect critical applications dependent on reliable storage access, including cloud services, financial systems, telecommunications, and industrial control systems. The inability to complete TMF commands properly may result in stalled I/O operations, impacting data availability and potentially causing cascading failures in storage-dependent services. Although the vulnerability does not appear to allow direct code execution or privilege escalation, the denial of service impact on storage targets can have severe operational consequences. European organizations with high reliance on Linux storage servers or virtualization platforms using iSCSI targets are particularly at risk. The absence of known exploits reduces immediate threat but does not eliminate risk, especially if attackers develop targeted exploits to cause service disruption.
Mitigation Recommendations
To mitigate CVE-2024-26845, European organizations should: 1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted Linux distributions or kernel maintainers. 2) Audit and monitor systems running SCSI target services, particularly those using iSCSI, for signs of blocked kernel worker threads or unusual storage delays. 3) Implement proactive kernel and system monitoring to detect long-running or stuck kernel tasks related to target_core_mod workqueues. 4) Where possible, isolate critical storage target servers and limit access to trusted networks to reduce exposure to malicious TMF commands. 5) Consider temporary workarounds such as disabling iSCSI target functionality if it is not essential, until patches are applied. 6) Maintain up-to-date backups and disaster recovery plans to mitigate potential service disruptions caused by this vulnerability. 7) Engage with Linux distribution vendors and security mailing lists to track patch releases and advisories related to this CVE.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Italy, Spain, Poland
CVE-2024-26845: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to tmr_list handling An abort that is responded to by iSCSI itself is added to tmr_list but does not go to target core. A LUN_RESET that goes through tmr_list takes a refcounter on the abort and waits for completion. However, the abort will be never complete because it was not started in target core. Unable to locate ITT: 0x05000000 on CID: 0 Unable to locate RefTaskTag: 0x05000000 on CID: 0. wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop ... INFO: task kworker/0:2:49 blocked for more than 491 seconds. task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800 Workqueue: events target_tmr_work [target_core_mod] Call Trace: __switch_to+0x2c4/0x470 _schedule+0x314/0x1730 schedule+0x64/0x130 schedule_timeout+0x168/0x430 wait_for_completion+0x140/0x270 target_put_cmd_and_wait+0x64/0xb0 [target_core_mod] core_tmr_lun_reset+0x30/0xa0 [target_core_mod] target_tmr_work+0xc8/0x1b0 [target_core_mod] process_one_work+0x2d4/0x5d0 worker_thread+0x78/0x6c0 To fix this, only add abort to tmr_list if it will be handled by target core.
AI-Powered Analysis
Technical Analysis
CVE-2024-26845 is a vulnerability in the Linux kernel's SCSI target core subsystem, specifically related to the handling of Task Management Functions (TMF) in the tmr_list. The issue arises because abort commands that are responded to by the iSCSI layer itself are added to the tmr_list but are not properly forwarded to the target core. When a LUN_RESET TMF is processed through the tmr_list, it takes a reference counter on the abort and waits for its completion. However, since the abort was never initiated in the target core, it never completes, causing the waiting process to hang indefinitely. This results in kernel worker threads being blocked for extended periods, as evidenced by logs showing tasks stuck for hundreds of seconds. The root cause is that aborts are added to the tmr_list without ensuring they will be handled by the target core, leading to a deadlock scenario. The fix involves modifying the kernel code to add aborts to the tmr_list only if they will be processed by the target core, preventing indefinite blocking. This vulnerability affects Linux kernel versions identified by the given commit hashes, and it impacts systems using the SCSI target functionality, particularly those leveraging iSCSI for storage networking. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-26845 can be significant, especially for enterprises and data centers relying on Linux-based storage servers or SAN (Storage Area Network) infrastructure using iSCSI targets. The vulnerability can cause kernel worker threads to become indefinitely blocked, leading to degraded system performance, potential denial of service (DoS), and disruption of storage operations. This can affect critical applications dependent on reliable storage access, including cloud services, financial systems, telecommunications, and industrial control systems. The inability to complete TMF commands properly may result in stalled I/O operations, impacting data availability and potentially causing cascading failures in storage-dependent services. Although the vulnerability does not appear to allow direct code execution or privilege escalation, the denial of service impact on storage targets can have severe operational consequences. European organizations with high reliance on Linux storage servers or virtualization platforms using iSCSI targets are particularly at risk. The absence of known exploits reduces immediate threat but does not eliminate risk, especially if attackers develop targeted exploits to cause service disruption.
Mitigation Recommendations
To mitigate CVE-2024-26845, European organizations should: 1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available from trusted Linux distributions or kernel maintainers. 2) Audit and monitor systems running SCSI target services, particularly those using iSCSI, for signs of blocked kernel worker threads or unusual storage delays. 3) Implement proactive kernel and system monitoring to detect long-running or stuck kernel tasks related to target_core_mod workqueues. 4) Where possible, isolate critical storage target servers and limit access to trusted networks to reduce exposure to malicious TMF commands. 5) Consider temporary workarounds such as disabling iSCSI target functionality if it is not essential, until patches are applied. 6) Maintain up-to-date backups and disaster recovery plans to mitigate potential service disruptions caused by this vulnerability. 7) Engage with Linux distribution vendors and security mailing lists to track patch releases and advisories related to this CVE.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.182Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982bc4522896dcbe3d61
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 7:25:39 PM
Last updated: 7/31/2025, 3:53:01 AM
Views: 10
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.