CVE-2024-57807
Linux Kernel; Possible Circular Locking Dependency Detected in MegaRAID SAS Driver
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset_mutex); lock(&shost->scan_mutex); lock(&instance->reset_mutex); lock(&shost->scan_mutex); Fix this by temporarily releasing the reset_mutex.
INFO
Published Date :
Jan. 11, 2025, 1:15 p.m.
Last Modified :
Jan. 16, 2025, 3:19 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-57807.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-57807 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-57807 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Jan. 16, 2025
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE NIST CWE-667 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 5.4.289 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.233 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.176 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.123 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.69 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.8 *cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* Changed Reference Type https://git.kernel.org/stable/c/3c654998a3e8167a58b6c6fede545fe400a4b554 No Types Assigned https://git.kernel.org/stable/c/3c654998a3e8167a58b6c6fede545fe400a4b554 Patch Changed Reference Type https://git.kernel.org/stable/c/466ca39dbf5d0ba71c16b15c27478a9c7d4022a8 No Types Assigned https://git.kernel.org/stable/c/466ca39dbf5d0ba71c16b15c27478a9c7d4022a8 Patch Changed Reference Type https://git.kernel.org/stable/c/50740f4dc78b41dec7c8e39772619d5ba841ddd7 No Types Assigned https://git.kernel.org/stable/c/50740f4dc78b41dec7c8e39772619d5ba841ddd7 Patch Changed Reference Type https://git.kernel.org/stable/c/78afb9bfad00c4aa58a424111d7edbcab9452f2b No Types Assigned https://git.kernel.org/stable/c/78afb9bfad00c4aa58a424111d7edbcab9452f2b Patch Changed Reference Type https://git.kernel.org/stable/c/edadc693bfcc0f1ea08b8fa041c9361fd042410d No Types Assigned https://git.kernel.org/stable/c/edadc693bfcc0f1ea08b8fa041c9361fd042410d Patch Changed Reference Type https://git.kernel.org/stable/c/f36d024bd15ed356a80dda3ddc46d0a62aa55815 No Types Assigned https://git.kernel.org/stable/c/f36d024bd15ed356a80dda3ddc46d0a62aa55815 Patch Changed Reference Type https://git.kernel.org/stable/c/f50783148ec98a1d38b87422e2ceaf2380b7b606 No Types Assigned https://git.kernel.org/stable/c/f50783148ec98a1d38b87422e2ceaf2380b7b606 Patch -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jan. 11, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset_mutex); lock(&shost->scan_mutex); lock(&instance->reset_mutex); lock(&shost->scan_mutex); Fix this by temporarily releasing the reset_mutex. Added Reference https://git.kernel.org/stable/c/3c654998a3e8167a58b6c6fede545fe400a4b554 Added Reference https://git.kernel.org/stable/c/466ca39dbf5d0ba71c16b15c27478a9c7d4022a8 Added Reference https://git.kernel.org/stable/c/50740f4dc78b41dec7c8e39772619d5ba841ddd7 Added Reference https://git.kernel.org/stable/c/78afb9bfad00c4aa58a424111d7edbcab9452f2b Added Reference https://git.kernel.org/stable/c/edadc693bfcc0f1ea08b8fa041c9361fd042410d Added Reference https://git.kernel.org/stable/c/f36d024bd15ed356a80dda3ddc46d0a62aa55815 Added Reference https://git.kernel.org/stable/c/f50783148ec98a1d38b87422e2ceaf2380b7b606
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-57807 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-57807
weaknesses.