Executive Summary

Information
Name: CVE-2024-44995
Vendor: Cve
First vendor publication: 2024-09-04
Last vendor modification: 2024-09-15

Security-Database Scoring CVSS v3

Cvss vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact Subscore: 3.6
Temporal Score: 5.5
Exploitability Subscore: 1.8

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Security-Database Scoring CVSS v2

Cvss vector:
Cvss Base Score: N/A
Cvss Impact Score: N/A
Cvss Exploit Score: N/A
Attack Range: N/A
Attack Complexity: N/A
Authentication: N/A

Detail

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix a deadlock problem when config TC during resetting

Configuring TC during the reset process may cause a deadlock. The flow is as below:
                     pf reset start
                           │
                           ▼
                        ......
    setup tc               │
        │                  ▼
        ▼            DOWN: napi_disable()
    napi_disable()(skip)   │
        │                  │
        ▼                  ▼
      ......            ......
        │                  │
        ▼                  │
    napi_enable()          │
                           ▼
                     UINIT: netif_napi_del()
                           │
                           ▼
                        ......
                           │
                           ▼
                     INIT: netif_napi_add()
                           │
                           ▼
                        ......                  global reset start
                           │                        │
                           ▼                        ▼
                     UP: napi_enable()(skip)     ......
                           │                        │
                           ▼                        ▼
                        ......                  napi_disable()

In the reset process, the driver will DOWN the port and then UINIT. In this case, the setup tc process will UP the port before UINIT, which causes the problem. Add a DOWN process in UINIT to fix it.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44995

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-667 Insufficient Locking

CPE : Common Platform Enumeration

Type Description Count
Application 8
Os 3602

Sources (Detail)

https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc
https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16
https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8
https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109
https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1
https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9
https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c

Alert History

Date Information
2024-10-03 02:53:33
  • Multiple Updates
2024-10-02 02:51:57
  • Multiple Updates
2024-09-16 00:27:31
  • Multiple Updates
2024-09-14 21:29:52
  • Multiple Updates
2024-09-12 00:27:29
  • Multiple Updates
2024-09-06 21:27:34
  • Multiple Updates
2024-09-05 17:27:24
  • Multiple Updates
2024-09-05 00:27:25
  • First insertion