{"id":"CVE-2024-26845","summary":"scsi: target: core: Add TMF to tmr_list handling","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2     state:D stack:    0 pid:   49 ppid:     2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore.","modified":"2026-03-20T12:35:15.794430Z","published":"2024-04-17T10:10:09.337Z","related":["SUSE-SU-2024:2360-1","SUSE-SU-2024:2372-1","SUSE-SU-2024:2381-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2561-1","SUSE-SU-2024:2571-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26845.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"},{"type":"WEB","url":"https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26845.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26845"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2281c95fe751325874d135b237ecdcd3bc34cc26"},{"fixed":"11f3fe5001ed05721e641f0ecaa7a73b7deb245d"},{"fixed":"168ed59170de1fd7274080fe102216162d6826cf"},{"fixed":"a9849b67b4402a12eb35eadc9306c1ef9847d53d"},{"fixed":"e717bd412001495f17400bfc09f606f1b594ef5a"},{"fixed":"36bc5040c863b44af06094b22f1e50059227b9cb"},{"fixed":"bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"},{"fixed":"83ab68168a3d990d5ff39ab030ad5754cbbccb25"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26845.json"}}],"schema_version":"1.7.5"}