5.5

CVE-2024-35998

smb3: fix lock ordering potential deadlock in cifs_sync_mid_result

In the Linux kernel, the following vulnerability has been resolved:

smb3: fix lock ordering potential deadlock in cifs_sync_mid_result

Coverity spotted that the cifs_sync_mid_result function could deadlock

"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires
lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"

Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.1.90
LinuxLinux Kernel Version >= 6.2 < 6.6.30
LinuxLinux Kernel Version >= 6.7 < 6.8.9
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
LinuxLinux Kernel Version6.9 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.061
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/699f8958dece132709c0bff6a9700999a2a63b75
Patch
https://git.kernel.org/stable/c/8248224ab5b8ca7559b671917c224296a4d671fc
Patch
https://git.kernel.org/stable/c/8861fd5180476f45f9e8853db154600469a0284f
Patch
https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66
Patch