CVE-2024-41064

powerpc/eeh: avoid possible crash when edev->pdev changes

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

powerpc/eeh: avoid possible crash when edev->pdev changes

If a PCI device is removed during eeh_pe_report_edev(), edev->pdev
will change and can cause a crash, hold the PCI rescan/remove lock
while taking a copy of edev->pdev->bus.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-12 CVE Reserved
2024-07-29 CVE Published
2024-08-27 EPSS Updated
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-413: Improper Resource Locking

CAPEC

References (9)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3	2024-07-27
https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1	2024-07-27
https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274	2024-07-27
https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff	2024-07-25
https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5	2024-07-25
https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b	2024-07-25
https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd	2024-06-23

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-41064	2024-10-30
https://bugzilla.redhat.com/show_bug.cgi?id=2300439	2024-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.281 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.281"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.223 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.223"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.164 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.164"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.101 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.101"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.42 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9.11 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.10"		en		Affected