VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-a1s8-xmrh-9bf3

Essentials
Severities (6)
References (18)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-a1s8-xmrh-9bf3
Aliases	CVE-2024-41082
Summary	In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of admin_q. If a reset (nvme reset or IO timeout) occurs before these commands finish, reconnect routine may fail to update nvme regs due to insufficient tags, which will cause kernel hang forever. In order to workaround this issue, maybe we can let reg_read32()/reg_read64()/reg_write32() use reserved tags. This maybe safe for nvmf: 1. For the disable ctrl path, we will not issue connect command 2. For the enable ctrl / fw activate path, since connect and reg_xx() are called serially. So the reserved tags may still be enough while reg_xx() use reserved tags.
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41082.json
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2024-41082
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2024-41082
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb
ssvc	Track	https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41082.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-41082
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41082
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
165da9c67a26f08c9b956c15d701da7690f45bcb		https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb
2300459		https://bugzilla.redhat.com/show_bug.cgi?id=2300459
7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa		https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa
RHSA-2024:9315		https://access.redhat.com/errata/RHSA-2024:9315
USN-7089-1		https://usn.ubuntu.com/7089-1/
USN-7089-2		https://usn.ubuntu.com/7089-2/
USN-7089-3		https://usn.ubuntu.com/7089-3/
USN-7089-4		https://usn.ubuntu.com/7089-4/
USN-7089-5		https://usn.ubuntu.com/7089-5/
USN-7089-6		https://usn.ubuntu.com/7089-6/
USN-7089-7		https://usn.ubuntu.com/7089-7/
USN-7090-1		https://usn.ubuntu.com/7090-1/
USN-7095-1		https://usn.ubuntu.com/7095-1/
USN-7156-1		https://usn.ubuntu.com/7156-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41082.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:21:02Z/ Found at https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:21:02Z/ Found at https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa

Exploit Prediction Scoring System (EPSS)

Percentile	0.02881
EPSS Score	0.00014
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:51:08.845967+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0