CVE-2024-26917

scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"

This reverts commit 1a1975551943f681772720f639ff42fbaa746212.

This commit causes interrupts to be lost for FCoE devices, since it changed
sping locks from "bh" to "irqsave".

Instead, a work queue should be used, and will be addressed in a separate
commit.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: Revertir "scsi: fcoe: Reparar posible punto muerto en &fip->ctlr_lock" Esto revierte el commit 1a1975551943f681772720f639ff42fbaa746212. Este commit provoca que se pierdan las interrupciones para los dispositivos FCoE, ya que cambió los bloqueos de sping de "bh" a "irqsave". En su lugar, se debe utilizar una cola de trabajo, que se abordará en un commit separado.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-17 CVE Published
2024-04-18 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (19)

URL	Tag	Source
https://git.kernel.org/stable/c/264eae2f523d2aae38188facb4ece893023f25da	Vuln. Introduced
https://git.kernel.org/stable/c/d2bf25674cea74b865d367d09be5dfe9aff5922a	Vuln. Introduced
https://git.kernel.org/stable/c/9cce8ef7a6fa858bbcacd8679a5ca5a4fd3a6df3	Vuln. Introduced
https://git.kernel.org/stable/c/076fb40cf27ab9232d8cce1f007e663e46705302	Vuln. Introduced
https://git.kernel.org/stable/c/5a5fb3b1754fa2b4db95f0151b4af0fb6f8918ec	Vuln. Introduced
https://git.kernel.org/stable/c/1a1975551943f681772720f639ff42fbaa746212	Vuln. Introduced
https://git.kernel.org/stable/c/4ea46b479a00dd232f0dbc81fdc27f9330ecb3ad	Vuln. Introduced
https://git.kernel.org/stable/c/694ddc5bf35a5b6f9acb6e4724324c910a1237f1	Vuln. Introduced
https://git.kernel.org/stable/c/6c5d7242bcf2154e9576e5eb2a98c6984ca5ea9a	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/94a600226b6d0ef065ee84024b450b566c5a87d6	2024-02-23
https://git.kernel.org/stable/c/2209fc6e3d7727d787dc6ef9baa1e9eae6b1295b	2024-02-23
https://git.kernel.org/stable/c/7d4e19f7ff644c5b79e8271df8ac2e549b436a5b	2024-02-23
https://git.kernel.org/stable/c/5b8f473c4de95c056c1c767b1ad48c191544f6a5	2024-02-23
https://git.kernel.org/stable/c/6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0	2024-02-23
https://git.kernel.org/stable/c/2996c7e97ea7cf4c1838a1b1dbc0885934113783	2024-02-23
https://git.kernel.org/stable/c/25675159040bffc7992d5163f3f33ba7d0142f21	2024-02-23
https://git.kernel.org/stable/c/977fe773dcc7098d8eaf4ee6382cb51e13e784cb	2024-02-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.295 < 4.19.307 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.295 < 4.19.307"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.257 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.257 < 5.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.195 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.195 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.132 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.132 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.53 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.53 < 6.1.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.326 Search vendor "Linux" for product "Linux Kernel" and version "4.14.326"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.4.16 Search vendor "Linux" for product "Linux Kernel" and version "6.4.16"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.5.3 Search vendor "Linux" for product "Linux Kernel" and version "6.5.3"		en		Affected