7.8
CVE-2024-38556
- EPSS 0.03%
- Published 19.06.2024 14:15:15
- Last modified 06.03.2025 12:53:37
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Add a timeout to acquire the command queue semaphore

Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely for the sem, blocking flow now waits for index to be allocated or a sem acquisition timeout before beginning the timer for FW completion.

Kernel log example:

mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.4.174 < 5.5
Linux ≫ Linux Kernel Version >= 5.10.94 < 5.11
Linux ≫ Linux Kernel Version >= 5.15.17 < 5.16
Linux ≫ Linux Kernel Version >= 5.16.3 <= 6.1.93
Linux ≫ Linux Kernel Version >= 6.2 <= 6.6.33
Linux ≫ Linux Kernel Version >= 6.7 <= 6.8.12
Linux ≫ Linux Kernel Version >= 6.9 <= 6.9.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.078 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.