CVE-2024-35998

smb3: fix lock ordering potential deadlock in cifs_sync_mid_result

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

smb3: fix lock ordering potential deadlock in cifs_sync_mid_result

Coverity spotted that the cifs_sync_mid_result function could deadlock

"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires
lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"

Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb3: corrige el posible interbloqueo en el orden de bloqueo en cifs_sync_mid_result Coverity detectó que la función cifs_sync_mid_result podría interbloquearse "Interbloqueo de subprocesos (ORDER_REVERSAL) lock_order: llamar a spin_lock adquiere el bloqueo TCP_Server_Info.srv_lock mientras mantiene el bloqueo TCP_Server_Info.mid_lock "Direcciones-Cobertura: 1590401 ("Estancamiento del hilo (ORDER_REVERSAL)")

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-20 CVE Published
2024-05-21 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66	2024-05-02
https://git.kernel.org/stable/c/699f8958dece132709c0bff6a9700999a2a63b75	2024-05-02
https://git.kernel.org/stable/c/8248224ab5b8ca7559b671917c224296a4d671fc	2024-05-02
https://git.kernel.org/stable/c/8861fd5180476f45f9e8853db154600469a0284f	2024-04-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.90 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.90"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.30 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.30"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9"		en		Affected