CVE-2024-35819
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/05/2024
Last modified:
17/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

soc: fsl: qbman: Use raw spinlock for cgr_lock

smp_call_function always runs its callback in hard IRQ context, even on
PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock
for cgr_lock to ensure we aren't waiting on a sleeping task.

Although this bug has existed for a while, it was not apparent until
commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change")
which invokes smp_call_function_single via qman_update_cgr_safe every
time a link goes up or down.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.92 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.32 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15.15 (including) | 4.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.16.1 (including) | 4.19.312 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.274 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.215 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.154 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.84 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.8.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:4.16:-:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.16:rc7:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02
- https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1
- https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa
- https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e
- https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506
- https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14
- https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df
- https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc
- https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html



