CVE-2024-27021

In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on module removal we get a RTNL-related deadlock. Fix this by avoiding the device-managed LED functions. Note: We can safely call led_classdev_unregister() for a LED even if registering it failed, because led_classdev_unregister() detects this and is a no-op in this case.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*

History

21 Nov 2024, 09:03

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/19fa4f2a85d777a8052e869c1b892a2f7556569d - Patch () https://git.kernel.org/stable/c/19fa4f2a85d777a8052e869c1b892a2f7556569d - Patch
References () https://git.kernel.org/stable/c/53d986f39acd8ea11c9e460732bfa5add66360d9 - Patch () https://git.kernel.org/stable/c/53d986f39acd8ea11c9e460732bfa5add66360d9 - Patch

23 May 2024, 19:37

Type Values Removed Values Added
CWE CWE-667
CPE cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
References () https://git.kernel.org/stable/c/19fa4f2a85d777a8052e869c1b892a2f7556569d - () https://git.kernel.org/stable/c/19fa4f2a85d777a8052e869c1b892a2f7556569d - Patch
References () https://git.kernel.org/stable/c/53d986f39acd8ea11c9e460732bfa5add66360d9 - () https://git.kernel.org/stable/c/53d986f39acd8ea11c9e460732bfa5add66360d9 - Patch
First Time Fedoraproject
Fedoraproject fedora
Linux linux Kernel
Linux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

13 May 2024, 08:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

03 May 2024, 03:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/ -
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: r8169: corrige el punto muerto relacionado con el LED al eliminar el módulo. Vincular devm_led_classdev_register() al netdev es problemático porque al eliminar el módulo obtenemos un punto muerto relacionado con RTNL. Solucione este problema evitando las funciones LED administradas por el dispositivo. Nota: Podemos llamar con seguridad a led_classdev_unregister() para un LED incluso si falla el registro, porque led_classdev_unregister() detecta esto y no es operativo en este caso.

01 May 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-01 06:15

Updated : 2024-11-21 09:03


NVD link : CVE-2024-27021

Mitre link : CVE-2024-27021

CVE.ORG link : CVE-2024-27021


JSON object : View

Products Affected

linux

  • linux_kernel

fedoraproject

  • fedora
CWE
CWE-667

Improper Locking