Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-26627

Disclosure Date: March 06, 2024 •

CVE-2024-26627

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler

Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host
lock every time for deciding if error handler kthread needs to be waken up.

This can be too heavy in case of recovery, such as:

N hardware queues
queue depth is M for each hardware queue
each scsi_host_busy() iterates over (N * M) tag/requests

If recovery is triggered in case that all requests are in-flight, each
scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called
for the last in-flight request, scsi_host_busy() has been run for (N * M -

times, and request has been iterated for (N*M – 1) * (N * M) times.

If both N and M are big enough, hard lockup can be triggered on acquiring
host lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).

Fix the issue by calling scsi_host_busy() outside the host lock. We don’t
need the host lock for getting busy count because host the lock never
covers that.

[mkp: Drop unnecessary ‘busy’ variables pointed out by Bart]

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-26627 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26627)

Miscellaneous

https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c

https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059

https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c

https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1

https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb

https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Rapid7

Unknown

CVE-2024-26627

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-26627

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-26627

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-26627

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification