Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-49569

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/01/2025
Last modified:
15/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvme-rdma: unquiesce admin_q before destroy it<br /> <br /> Kernel will hang on destroy admin_q while we create ctrl failed, such<br /> as following calltrace:<br /> <br /> PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme"<br /> #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15<br /> #1 [ff61d23de260fc08] schedule at ffffffff8323c014<br /> #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1<br /> #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a<br /> #4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006<br /> #5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce<br /> #6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced<br /> #7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b<br /> #8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362<br /> #9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25<br /> RIP: 00007fda7891d574 RSP: 00007ffe2ef06958 RFLAGS: 00000202<br /> RAX: ffffffffffffffda RBX: 000055e8122a4d90 RCX: 00007fda7891d574<br /> RDX: 000000000000012b RSI: 000055e8122a4d90 RDI: 0000000000000004<br /> RBP: 00007ffe2ef079c0 R8: 000000000000012b R9: 000055e8122a4d90<br /> R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004<br /> R13: 000055e8122923c0 R14: 000000000000012b R15: 00007fda78a54500<br /> ORIG_RAX: 0000000000000001 CS: 0033 SS: 002b<br /> <br /> This due to we have quiesced admi_q before cancel requests, but forgot<br /> to unquiesce before destroy it, as a result we fail to drain the<br /> pending requests, and hang on blk_mq_freeze_queue_wait() forever. Here<br /> try to reuse nvme_rdma_teardown_admin_queue() to fix this issue and<br /> simplify the code.

Impact

Vector 3.x
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.70 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.70
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4.103 (including) 5.5 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.10.21 (including) 5.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11.4 (including) 6.6.88 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools