Bug 1227730 (CVE-2024-39507) - VUL-0: CVE-2024-39507: kernel: net: hns3: fix kernel crash problem in concurrent scenario
Summary: VUL-0: CVE-2024-39507: kernel: net: hns3: fix kernel crash problem in concurr...
Status: NEW
Alias: CVE-2024-39507
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Thomas Bogendoerfer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/413822/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-39507:4.7:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-12 18:57 UTC by SMASH SMASH
Modified: 2024-07-17 16:45 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-07-12 18:57:53 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix kernel crash problem in concurrent scenario

When link status change, the nic driver need to notify the roce
driver to handle this event, but at this time, the roce driver
may uninit, then cause kernel crash.

To fix the problem, when link status change, need to check
whether the roce registered, and when uninit, need to wait link
update finish.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39507
https://www.cve.org/CVERecord?id=CVE-2024-39507
https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4
https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48
https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa
https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63
https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-39507.mbox