{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39507", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-25T14:23:23.752Z", "datePublished": "2024-07-12T12:20:38.954Z", "dateUpdated": "2024-12-19T09:07:31.814Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:07:31.814Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash problem in concurrent scenario\n\nWhen link status change, the nic driver need to notify the roce\ndriver to handle this event, but at this time, the roce driver\nmay uninit, then cause kernel crash.\n\nTo fix the problem, when link status change, need to check\nwhether the roce registered, and when uninit, need to wait link\nupdate finish."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"], "versions": [{"version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "62b5dfb67bfa8bd0301bf3442004563495f9ee48", "status": "affected", "versionType": "git"}, {"version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "6d0007f7b69d684879a0f598a042e40244d3cf63", "status": "affected", "versionType": "git"}, {"version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", "status": "affected", "versionType": "git"}, {"version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "b2c5024b771cd1dd8175d5f6949accfadbab7edd", "status": "affected", "versionType": "git"}, {"version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "12cda920212a49fa22d9e8b9492ac4ea013310a4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"], "versions": [{"version": "5.1", "status": "affected"}, {"version": "0", "lessThan": "5.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48"}, {"url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63"}, {"url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa"}, {"url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd"}, {"url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4"}], "title": "net: hns3: fix kernel crash problem in concurrent scenario", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.929Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39507", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:06:51.352211Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:39.150Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.929Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39507", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:06:51.352211Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.992Z"}}], "cna": {"title": "net: hns3: fix kernel crash problem in concurrent scenario", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "62b5dfb67bfa8bd0301bf3442004563495f9ee48", "versionType": "git"}, {"status": "affected", "version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "6d0007f7b69d684879a0f598a042e40244d3cf63", "versionType": "git"}, {"status": "affected", "version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa", "versionType": "git"}, {"status": "affected", "version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "b2c5024b771cd1dd8175d5f6949accfadbab7edd", "versionType": "git"}, {"status": "affected", "version": "45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab", "lessThan": "12cda920212a49fa22d9e8b9492ac4ea013310a4", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.1"}, {"status": "unaffected", "version": "0", "lessThan": "5.1", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.95", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48"}, {"url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63"}, {"url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa"}, {"url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd"}, {"url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash problem in concurrent scenario\n\nWhen link status change, the nic driver need to notify the roce\ndriver to handle this event, but at this time, the roce driver\nmay uninit, then cause kernel crash.\n\nTo fix the problem, when link status change, need to check\nwhether the roce registered, and when uninit, need to wait link\nupdate finish."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:07:31.814Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39507", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:07:31.814Z", "dateReserved": "2024-06-25T14:23:23.752Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:20:38.954Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBBC1ACE-C74C-483B-8DB2-168B21552C27", "versionEndExcluding": "5.15.162", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D435765D-2766-44F5-B319-F713A13E35CE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F019D15-84C0-416B-8C57-7F51B68992F0", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash problem in concurrent scenario\n\nWhen link status change, the nic driver need to notify the roce\ndriver to handle this event, but at this time, the roce driver\nmay uninit, then cause kernel crash.\n\nTo fix the problem, when link status change, need to check\nwhether the roce registered, and when uninit, need to wait link\nupdate finish."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: hns3: soluciona el problema de falla del kernel en un escenario concurrente Cuando el estado del enlace cambia, el controlador nic debe notificar al controlador roce para manejar este evento, pero en este momento, el controlador roce puede desiniciar y luego causar un fallo del kernel. Para solucionar el problema, cuando cambia el estado del enlace, es necesario verificar si el roce se registr\u00f3 y, cuando se desinstala, es necesario esperar a que finalice la actualizaci\u00f3n del enlace."}], "id": "CVE-2024-39507", "lastModified": "2025-03-06T12:53:17.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:13.050", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:10771", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.47.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-04T00:00:00Z"}], "bugzilla": {"description": "kernel: net: hns3: fix kernel crash problem in concurrent scenario", "id": "2297702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297702"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: hns3: fix kernel crash problem in concurrent scenario\nWhen link status change, the nic driver need to notify the roce\ndriver to handle this event, but at this time, the roce driver\nmay uninit, then cause kernel crash.\nTo fix the problem, when link status change, need to check\nwhether the roce registered, and when uninit, need to wait link\nupdate finish."], "name": "CVE-2024-39507", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39507\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39507\nhttps://lore.kernel.org/linux-cve-announce/2024071205-CVE-2024-39507-cbc6@gregkh/T"], "threat_severity": "Moderate"}