5.5

CVE-2024-39507

net: hns3: fix kernel crash problem in concurrent scenario

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix kernel crash problem in concurrent scenario

When link status change, the nic driver need to notify the roce
driver to handle this event, but at this time, the roce driver
may uninit, then cause kernel crash.

To fix the problem, when link status change, need to check
whether the roce registered, and when uninit, need to wait link
update finish.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.1 < 5.15.162
LinuxLinux Kernel Version >= 5.16 < 6.1.95
LinuxLinux Kernel Version >= 6.2 < 6.6.35
LinuxLinux Kernel Version >= 6.7 < 6.9.6
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.195
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4
Patch
https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48
Patch
https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa
Patch
https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63
Patch
https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html