CVE-2024-27009

Severity CVSS v4.0: Pending analysis
Type: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date: 01/05/2024
Last modified: 04/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

s390/cio: fix race condition during online processing

A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts to set that device online fail with return code ENODEV.

The problem occurs when a path verification request arrives after a wait for final device state completed, but before the result state is evaluated.

Fix this by ensuring that the CCW-device lock is held between determining final state and checking result state.

Note that since:

commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers")

path verification requests are much more likely to occur during boot, resulting in an increased chance of this race condition occurring.
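The ordering problem described above, replayed as a deterministic single-threaded model in C. This is an added example, not the kernel's code or the fix commit: `model_dev`, `path_verify_request`, `model_unlock` and `model_set_online` are hypothetical names, and a boolean stands in for the CCW-device lock.

```c
/* Constructed model of the interleaving; hypothetical names, not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum dev_state { ST_BUSY, ST_ONLINE, ST_VERIFY };
struct model_dev {
    bool locked;           /* stands in for the CCW-device lock */
    bool verify_deferred;  /* request that must wait for the lock */
    enum dev_state state;
};

/* Path verification request: may only change state while the lock is free. */
static void path_verify_request(struct model_dev *d)
{
    if (d->locked)
        d->verify_deferred = true;  /* excluded by the lock holder */
    else
        d->state = ST_VERIFY;       /* device leaves the final state */
}

static void model_unlock(struct model_dev *d)
{
    d->locked = false;
    if (d->verify_deferred) {       /* deferred request runs now */
        d->verify_deferred = false;
        path_verify_request(d);
    }
}

/* hold_lock=false: lock dropped between wait and check; true: held across both. */
static int model_set_online(struct model_dev *d, bool hold_lock)
{
    d->locked = true;
    d->state = ST_ONLINE;           /* wait for final state has completed */
    if (!hold_lock)
        model_unlock(d);            /* race window opens */
    path_verify_request(d);         /* request arrives at this point */
    d->locked = true;               /* lock is held for the check */
    int ret = (d->state == ST_ONLINE) ? 0 : -ENODEV;
    model_unlock(d);
    return ret;
}

int main(void)
{
    struct model_dev a = {0}, b = {0};
    printf("window open: %d\n", model_set_online(&a, false));
    printf("lock held:   %d\n", model_set_online(&b, true));
}
```

With the lock held across both steps, the request is still processed, but only after the result state has been evaluated.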

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15 (including) | 5.15.157 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.29 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.8.8 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* | | |