4.7
CVE-2021-47382
- EPSS 0.01%
- Published 21.05.2024 15:15:23
- Last modified 23.12.2024 21:00:53
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Open
LoginIn the Linux kernel, the following vulnerability has been resolved:
s390/qeth: fix deadlock during failing recovery
Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removed
taking discipline_mutex inside qeth_do_reset(), fixing potential
deadlocks. An error path was missed though, that still takes
discipline_mutex and thus has the original deadlock potential.
Intermittent deadlocks were seen when a qeth channel path is configured
offline, causing a race between qeth_do_reset and ccwgroup_remove.
Call qeth_set_offline() directly in the qeth_do_reset() error case and
then a new variant of ccwgroup_set_offline(), without taking
discipline_mutex.Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.10.8 < 5.14.10
Linux ≫ Linux Kernel Version5.15 Updaterc1
Linux ≫ Linux Kernel Version5.15 Updaterc2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.01 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.