CVE-2024-38591 : In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: F

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. Use xa_store_irq()/ xa_erase_irq() to avoid deadlock.

Published 2024-06-19 13:45:43

Updated 2025-02-02 11:15:09

Source Linux

View at NVD, CVE.org

Products affected by CVE-2024-38591

Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.8.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.0 and before (<) 5.15.161
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.9 and before (<) 6.9.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.93
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.33
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-38591

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-38591

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2024-08-27
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2024-38591

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-38591

https://git.kernel.org/stable/c/72dc542f0d8977e7d41d610db6bb65c47cad43e9

RDMA/hns: Fix deadlock on SRQ async events. - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/756ddbe665ea7f9416951bd76731b174d136eea0

RDMA/hns: Fix deadlock on SRQ async events. - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/b46494b6f9c19f141114a57729e198698f40af37

RDMA/hns: Fix deadlock on SRQ async events. - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/605889754ee68aacf7c381938fcd5eb654e71822
https://git.kernel.org/stable/c/22c915af31bd84ffaa46145e317f53333f94a868

RDMA/hns: Fix deadlock on SRQ async events. - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/4a3be1a0ffe04c085dd7f79be97c91b0c786df3d

RDMA/hns: Fix deadlock on SRQ async events. - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/d271e66abac5c7eb8de345b9b44d89f777437a4c

RDMA/hns: Fix deadlock on SRQ async events. - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-38591

Products affected by CVE-2024-38591

Exploit prediction scoring system (EPSS) score for CVE-2024-38591

CVSS scores for CVE-2024-38591

CWE ids for CVE-2024-38591

References for CVE-2024-38591