CVE-2024-43872

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause the CPU core staying in interrupt context too long and lead to soft lockup under heavy load. Handle CEQEs in BH workqueue and set an upper limit for the number of CEQE handled by a single call of work handler.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08	Patch
https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

03 Sep 2024, 13:38

Type	Values Removed	Values Added
CWE		CWE-667
References	~~() https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08 -~~	() https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08 - Patch
References	~~() https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b -~~	() https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b - Patch
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

21 Aug 2024, 12:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-21 01:15

Updated : 2024-09-03 13:38

NVD link : CVE-2024-43872

Mitre link : CVE-2024-43872

CVE.ORG link : CVE-2024-43872

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2024-43872", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-21T01:15:11.740", "references": [{"url": "https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/hns: corrige el bloqueo suave bajo carga pesada de CEQE. Actualmente, los CEQE se manejan en el controlador de interrupciones. Esto puede hacer que el n\u00facleo de la CPU permanezca en el contexto de interrupci\u00f3n durante demasiado tiempo y provocar un bloqueo suave bajo una carga pesada. Maneje CEQE en la cola de trabajo de BH y establezca un l\u00edmite superior para la cantidad de CEQE manejados por una sola llamada de controlador de trabajo."}], "lastModified": "2024-09-03T13:38:34.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2194910-A867-4355-9344-95E7D3E499E3", "versionEndExcluding": "6.10.3", "versionStartIncluding": "4.16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}