CVE-2024-44995

Sept. 15, 2024, 6:15 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start │ ▼ ...... setup tc │ │ ▼ ▼ DOWN: napi_disable() napi_disable()(skip) │ │ │ ▼ ▼ ...... ...... │ │ ▼ │ napi_enable() │ ▼ UINIT: netif_napi_del() │ ▼ ...... │ ▼ INIT: netif_napi_add() │ ▼ ...... global reset start │ │ ▼ ▼ UP: napi_enable()(skip) ...... │ │ ▼ ▼ ...... napi_disable() In reset process, the driver will DOWN the port and then UINIT, in this case, the setup tc process will UP the port before UINIT, so cause the problem. Adds a DOWN process in UINIT to fix it.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.11

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-667
Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.11 rc1 / / / / / /
o linux linux_kernel 6.11 rc2 / / / / / /
o linux linux_kernel 6.11 rc3 / / / / / /

References

https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc
https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16
https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8
https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109
https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1
https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9
https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-667
2024-09-04
CVE-2024-44995

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Sept. 4, 2024, 8:15 p.m.
Last Modified: Sept. 15, 2024, 6:15 p.m.

Status : Modified

CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.