CVE-2024-26917

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"

This reverts commit 1a1975551943f681772720f639ff42fbaa746212.

This commit causes interrupts to be lost for FCoE devices, since it changed sping locks from "bh" to "irqsave".

Instead, a work queue should be used, and will be addressed in a separate commit.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux264eae2f523d2aae38188facb4ece893023f25da < 94a600226b6d0ef065ee84024b450b566c5a87d6affected
LinuxLinuxd2bf25674cea74b865d367d09be5dfe9aff5922a < 2209fc6e3d7727d787dc6ef9baa1e9eae6b1295baffected
LinuxLinux9cce8ef7a6fa858bbcacd8679a5ca5a4fd3a6df3 < 7d4e19f7ff644c5b79e8271df8ac2e549b436a5baffected
LinuxLinux076fb40cf27ab9232d8cce1f007e663e46705302 < 5b8f473c4de95c056c1c767b1ad48c191544f6a5affected
LinuxLinux5a5fb3b1754fa2b4db95f0151b4af0fb6f8918ec < 6bb22ac1d11d7d20f91e7fd2e657a9e5f6db65e0affected
LinuxLinux1a1975551943f681772720f639ff42fbaa746212 < 2996c7e97ea7cf4c1838a1b1dbc0885934113783affected
LinuxLinux1a1975551943f681772720f639ff42fbaa746212 < 25675159040bffc7992d5163f3f33ba7d0142f21affected
LinuxLinux1a1975551943f681772720f639ff42fbaa746212 < 977fe773dcc7098d8eaf4ee6382cb51e13e784cbaffected
LinuxLinux4ea46b479a00dd232f0dbc81fdc27f9330ecb3adaffected
LinuxLinux694ddc5bf35a5b6f9acb6e4724324c910a1237f1affected
LinuxLinux6c5d7242bcf2154e9576e5eb2a98c6984ca5ea9aaffected
LinuxLinux4.19.295 < 4.19.307affected
LinuxLinux5.4.257 < 5.4.269affected
LinuxLinux5.10.195 < 5.10.210affected
LinuxLinux5.15.132 < 5.15.149affected
LinuxLinux6.1.53 < 6.1.79affected
LinuxLinux4.14.326 < 4.15affected
LinuxLinux6.4.16 < 6.5affected
LinuxLinux6.5.3 < 6.6affected
LinuxLinux6.6affected
LinuxLinux0 < 6.6unaffected
LinuxLinux4.19.307 <= 4.19.*unaffected
LinuxLinux5.4.269 <= 5.4.*unaffected
LinuxLinux5.10.210 <= 5.10.*unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.79 <= 6.1.*unaffected
LinuxLinux6.6.18 <= 6.6.*unaffected
LinuxLinux6.7.6 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References