CVE-2024-27435
"NVMe deadlock vulnerability in Linux kernel"
Description
In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found it may caused by a ABBA deadlock due to tag allocation. In my case, the tag was hold by a keep alive request waiting inside admin_q, as we quiesced admin_q while reset ctrl, so the request maked as idle and will not process before reset success. As fabric_q shares tagset with admin_q, while reconnect remote target, we need a tag for connect command, but the only one reserved tag was held by keep alive command which waiting inside admin_q. As a result, we failed to reconnect admin_q forever. In order to fix this issue, I think we should keep two reserved tags for admin queue.
INFO
Published Date :
May 17, 2024, 1:15 p.m.
Last Modified :
Nov. 21, 2024, 9:04 a.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-27435.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-27435 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-27435 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/149afee5c7418ec5db9d7387b9c9a5c1eb7ea2a8 Added Reference https://git.kernel.org/stable/c/262da920896e2f2ab0e3947d9dbee0aa09045818 Added Reference https://git.kernel.org/stable/c/6851778504cdb49431809b4ba061903d5f592c96 Added Reference https://git.kernel.org/stable/c/de105068fead55ed5c07ade75e9c8e7f86a00d1d Added Reference https://git.kernel.org/stable/c/ff2f90f88d78559802466ad1c84ac5bda4416b3a -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 06, 2024
Action Type Old Value New Value Added CVSS V3.1 CISA-ADP AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 29, 2024
Action Type Old Value New Value -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 17, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found it may caused by a ABBA deadlock due to tag allocation. In my case, the tag was hold by a keep alive request waiting inside admin_q, as we quiesced admin_q while reset ctrl, so the request maked as idle and will not process before reset success. As fabric_q shares tagset with admin_q, while reconnect remote target, we need a tag for connect command, but the only one reserved tag was held by keep alive command which waiting inside admin_q. As a result, we failed to reconnect admin_q forever. In order to fix this issue, I think we should keep two reserved tags for admin queue. Added Reference kernel.org https://git.kernel.org/stable/c/149afee5c7418ec5db9d7387b9c9a5c1eb7ea2a8 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/ff2f90f88d78559802466ad1c84ac5bda4416b3a [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/6851778504cdb49431809b4ba061903d5f592c96 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/262da920896e2f2ab0e3947d9dbee0aa09045818 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/de105068fead55ed5c07ade75e9c8e7f86a00d1d [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-27435 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-27435
weaknesses.