CVE-2024-36924

MEDIUM5.5

scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()

Published May 30, 2024

Modified 1 weeks ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()

lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the hbalock. Thus, lpfc_worker_wake_up() should not be called while holding the hbalock to avoid potential deadlock.

References

WEBhttps://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd WEBhttps://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3 WEBhttps://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683 WEBhttps://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-36924

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMay 30, 2024

ModifiedJan 5, 2026

CVE-2024-36924 | Mondoo Vulnerability Intelligence