CVE-2024-44995

Sept. 15, 2024, 6:15 p.m.

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-667
2024-09-04
CVE-2024-44995

CVSS Score

5.5 / 10

Products Impacted

Vendor Product Versions
linux
  • linux_kernel
  • *, 6.11

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start │ ▼ ...... setup tc │ │ ▼ ▼ DOWN: napi_disable() napi_disable()(skip) │ │ │ ▼ ▼ ...... ...... │ │ ▼ │ napi_enable() │ ▼ UINIT: netif_napi_del() │ ▼ ...... │ ▼ INIT: netif_napi_add() │ ▼ ...... global reset start │ │ ▼ ▼ UP: napi_enable()(skip) ...... │ │ ▼ ▼ ...... napi_disable() In reset process, the driver will DOWN the port and then UINIT, in this case, the setup tc process will UP the port before UINIT, so cause the problem. Adds a DOWN process in UINIT to fix it.

Weaknesses

CWE-667
Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

CWE ID: 667

Date

Published: Sept. 4, 2024, 8:15 p.m.

Last Modified: Sept. 15, 2024, 6:15 p.m.

Status : Modified

CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.11 rc1 / / / / / /
o linux linux_kernel 6.11 rc2 / / / / / /
o linux linux_kernel 6.11 rc3 / / / / / /

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
5.5
Exploitability Score
1.8
Impact Score
3.6
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c
416baaa9-dc9f-4396-8d5f-8c081fb06d67