CVE-2024-36924

MEDIUM

Linux Kernel - Denial of Service via Deadlock in lpfc_worker_wake_up

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the hbalock. Thus, lpfc_worker_wake_up() should not be called while holding the hbalock to avoid potential deadlock.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd

Patch

https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683

Patch

https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f

Patch

https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3

Scores

CVSS v3 5.5

EPSS 0.0019

EPSS Percentile 9.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (15)

linux/Kernel 2.6.23 - 6.1.91linux

linux/Kernel 6.2.0 - 6.6.31linux

linux/Kernel 6.7.0 - 6.8.10linux

Linux/Linux < 2.6.23

Linux/Linux 2.6.23

Linux/Linux 6.1.91 - 6.1.*

Linux/Linux 6.6.31 - 6.6.*

Linux/Linux 6.8.10 - 6.8.*

Linux/Linux 6.9

Linux/Linux 92d7f7b0cde3ad2260e7462b40867b57efd49851 - 6503c39398506cadda9f4c81695a9655ca5fb4fd

... and 5 more

Published May 30, 2024

Tracked Since Feb 18, 2026