4.7

CVE-2024-43866

net/mlx5: Always drain health in shutdown callback

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Always drain health in shutdown callback

There is no point in recovery during device shutdown. if health
work started need to wait for it to avoid races and NULL pointer
access.

Hence, drain health WQ on shutdown callback.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.13.16 < 6.1.113
LinuxLinux Kernel Version >= 6.2 < 6.6.45
LinuxLinux Kernel Version >= 6.7 < 6.10.4
LinuxLinux Kernel Version6.11 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.059
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393
Patch
https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b
Patch
https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285
Patch
https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html