CVE-2024-27021

Summary

In the Linux kernel, the following vulnerability has been resolved:

r8169: fix LED-related deadlock on module removal

Binding devm_led_classdev_register() to the netdev is problematic because on module removal we get a RTNL-related deadlock. Fix this by avoiding the device-managed LED functions.

Note: We can safely call led_classdev_unregister() for a LED even if registering it failed, because led_classdev_unregister() detects this and is a no-op in this case.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux18764b883e157e28126b54e7d4ba9dd487d5bf54 < 53d986f39acd8ea11c9e460732bfa5add66360d9affected
LinuxLinux18764b883e157e28126b54e7d4ba9dd487d5bf54 < 19fa4f2a85d777a8052e869c1b892a2f7556569daffected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.8.8 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References