CVE-2024-45007

Summary

In the Linux kernel, the following vulnerability has been resolved:

char: xillybus: Don't destroy workqueue from work item running on it

Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending work item. Other work items continue to be queued on per-device workqueues to ensure performance.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa53d1202aef122894b6e46116a92174a9123db5d < 409b495f8e3300d5fba08bc817fa8825dae48cc9affected
LinuxLinuxa53d1202aef122894b6e46116a92174a9123db5d < 5d3567caff2a1d678aa40cc74a54e1318941fad3affected
LinuxLinuxa53d1202aef122894b6e46116a92174a9123db5d < a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157affected
LinuxLinuxa53d1202aef122894b6e46116a92174a9123db5d < aa1a19724fa2c31e97a9be48baedd4692b265157affected
LinuxLinuxa53d1202aef122894b6e46116a92174a9123db5d < ccbde4b128ef9c73d14d0d7817d68ef795f6d131affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.166 <= 5.15.*unaffected
LinuxLinux6.1.107 <= 6.1.*unaffected
LinuxLinux6.6.48 <= 6.6.*unaffected
LinuxLinux6.10.7 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References