// For flags

CVE-2021-47382

s390/qeth: fix deadlock during failing recovery

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

s390/qeth: fix deadlock during failing recovery

Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed
taking discipline_mutex inside qeth_do_reset(), fixing potential
deadlocks. An error path was missed though, that still takes
discipline_mutex and thus has the original deadlock potential.

Intermittent deadlocks were seen when a qeth channel path is configured
offline, causing a race between qeth_do_reset and ccwgroup_remove.
Call qeth_set_offline() directly in the qeth_do_reset() error case and
then a new variant of ccwgroup_set_offline(), without taking
discipline_mutex.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: s390/qeth: arreglar el punto muerto durante la recuperación fallida. La confirmación 0b9902c1fcc5 ("s390/qeth: arreglar el punto muerto durante la recuperación") se eliminó tomando discipline_mutex dentro de qeth_do_reset(), solucionando posibles puntos muertos. Sin embargo, se omitió una ruta de error que todavía requiere discipline_mutex y, por lo tanto, tiene el potencial de bloqueo original. Se observaron interbloqueos intermitentes cuando la ruta de un canal qeth se configura fuera de línea, lo que provocó una ejecución entre qeth_do_reset y ccwgroup_remove. Llame a qeth_set_offline() directamente en el caso de error qeth_do_reset() y luego a una nueva variante de ccwgroup_set_offline(), sin tomar discipline_mutex.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-21 CVE Reserved
  • 2024-05-21 CVE Published
  • 2024-05-22 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.11 < 5.14.10
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.14.10"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.11 < 5.15
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.10.8
Search vendor "Linux" for product "Linux Kernel" and version "5.10.8"
en
Affected