Information about CVE-2024-36003
ice: fix LAG and VF lock dependency in ice_reset_vf()
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-36003
Description: “The Linux kernel has resolved a vulnerability in the ice driver. This vulnerability affects the ice driver’s ability to acquire the LAG mutex. The driver’s lock acquisition was placed just before the VF configuration lock. If the driver acquires the configuration lock via the ICE_VF_RESET_LOCK flag, it could deadlock with the ice_vc_cfg_qs_msg() function. This deadlock is detected by lockdep, reporting it almost immediately. The lockdep report shows 2 VF locks being held by kworker/60:3/6771: * **Lock 1:** ff40d43e05428b38 (wq_completion) ice: +0:0, at: process_one_work+0x176/0x4d0 * **Lock 2:** ff50d06e05197e58 (work_completion) &pf->lag_mutex (0:0), at: ice_process_vflr_event+0x48/0xd0 [ice] * **Lock 3:** ff40d43ea1960e50 (pf->vfs.table_lock) ice: +0:0, at: ice_reset_vf+0x22f/0x4d0 [ice] The stack trace shows the CPU is running on PID 60, and the code is from the kworker/60:3/6771 process. The code is backtrace: … (truncated) …”
Attack vector
CVSS score
CVSS is a scoring system that measures the severity of a computer security vulnerability by considering factors such as potential impact, likelihood of attack, and ease of execution.
Summary: .
Vector details
Metric | Value | Meaning | Description |
---|---|---|---|
External references
- https://git.kernel.org/stable/c/740717774dc37338404d10726967d582414f638c
- https://git.kernel.org/stable/c/de8631d8c9df08440268630200e64b623a5f69e6
- https://git.kernel.org/stable/c/96fdd1f6b4ed72a741fb0eb705c0e13049b8721f
Affected products
- Linux – Linux