CVE-2024-35998

Summary

In the Linux kernel, the following vulnerability has been resolved:

smb3: fix lock ordering potential deadlock in cifs_sync_mid_result

Coverity spotted that the cifs_sync_mid_result function could deadlock

"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock"

Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")

Affected Software

VendorProductVersion RangeStatus
LinuxLinux64d62ac6d6514cba1305bd08e271ec1843bdd612 < c7a4bca289e50bb4b2650f845c41bb3e453f4c66affected
LinuxLinux90c49fce1c43e1cc152695e20363ff5087897c09 < 699f8958dece132709c0bff6a9700999a2a63b75affected
LinuxLinux90c49fce1c43e1cc152695e20363ff5087897c09 < 8248224ab5b8ca7559b671917c224296a4d671fcaffected
LinuxLinux90c49fce1c43e1cc152695e20363ff5087897c09 < 8861fd5180476f45f9e8853db154600469a0284faffected
LinuxLinuxc511954bf142fe1995aec3c739a9f1a76990283aaffected
LinuxLinux0b08c4c499200be67d54c439d56e5ea866869945affected
LinuxLinux6.1.28 < 6.1.90affected
LinuxLinux6.2.15 < 6.3affected
LinuxLinux6.3.2 < 6.4affected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.1.90 <= 6.1.*unaffected
LinuxLinux6.6.30 <= 6.6.*unaffected
LinuxLinux6.8.9 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References