CVE-2024-43866

MEDIUM

Linux Kernel Race Condition in mlx5 Health Work Queue Drain

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health in shutdown callback There is no point in recovery during device shutdown. if health work started need to wait for it to avoid races and NULL pointer access. Hence, drain health WQ on shutdown callback.

References (5)

Core 5

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b

Patch

https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2

Patch

https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285

Patch

https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393

Scores

CVSS v3 4.7

EPSS 0.0016

EPSS Percentile 5.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-362 CWE-476

Status published

Products (17)

linux/Kernel 4.14.0 - 6.1.113linux

linux/Kernel 6.2.0 - 6.6.45linux

linux/Kernel 6.7.0 - 6.10.4linux

Linux/Linux < 4.14

Linux/Linux 4.13.16 - 4.14

Linux/Linux 4.14

Linux/Linux 6.1.113 - 6.1.*

Linux/Linux 6.10.4 - 6.10.*

Linux/Linux 6.11

Linux/Linux 6.6.45 - 6.6.*

... and 7 more

Published Aug 21, 2024

Tracked Since Feb 18, 2026