CVE-2024-39507

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time, the roce driver may uninit, then cause kernel crash. To fix the problem, when link status change, need to check whether the roce registered, and when uninit, need to wait link update finish.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4	Patch
https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48	Patch
https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa	Patch
https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63	Patch
https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd	Patch
https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4	Patch
https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48	Patch
https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa	Patch
https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63	Patch
https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd	Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::

History

03 Nov 2025, 22:17

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

Information

Published : 2024-07-12 13:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-39507

Mitre link : CVE-2024-39507

CVE.ORG link : CVE-2024-39507

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-908

Use of Uninitialized Resource

{"id": "CVE-2024-39507", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-12T13:15:13.050", "references": [{"url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash problem in concurrent scenario\n\nWhen link status change, the nic driver need to notify the roce\ndriver to handle this event, but at this time, the roce driver\nmay uninit, then cause kernel crash.\n\nTo fix the problem, when link status change, need to check\nwhether the roce registered, and when uninit, need to wait link\nupdate finish."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: hns3: soluciona el problema de falla del kernel en un escenario concurrente Cuando el estado del enlace cambia, el controlador nic debe notificar al controlador roce para manejar este evento, pero en este momento, el controlador roce puede desiniciar y luego causar un fallo del kernel. Para solucionar el problema, cuando cambia el estado del enlace, es necesario verificar si el roce se registr\u00f3 y, cuando se desinstala, es necesario esperar a que finalice la actualizaci\u00f3n del enlace."}], "lastModified": "2025-11-03T22:17:06.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBBC1ACE-C74C-483B-8DB2-168B21552C27", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}