Bug 2281958 (CVE-2024-36003)

Summary: CVE-2024-36003 kernel: ice: fix LAG and VF lock dependency in ice_reset_vf()
Product: [Other] Security Response
Reporter: Robb Gatica <rgatica>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sidakwo, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: kernel 6.6.30, kernel 6.8.9, kernel 6.9
Doc Type: If docs needed, set a value
Doc Text:
CVE-2024-36003 is a deadlock caused by a lock-order inversion in the Linux kernel's ice driver, which drives Intel Ethernet controllers. ice_reset_vf() acquired the Link Aggregation (LAG) mutex and the Virtual Function (VF) configuration lock in the opposite order from another VF path that takes the same two locks, so two concurrent callers can each block on the lock the other holds. The result is a circular lock dependency of the kind lockdep (CONFIG_PROVE_LOCKING) reports as a "possible circular locking dependency"; once it occurs the affected paths hang, a denial of service. The fix restores a single, consistent acquisition order in ice_reset_vf().
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2281959
Bug Blocks: 2282032
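The lock-order inversion described in the Doc Text, as an added example that is not code from the ice driver or the kernel: a minimal lockdep-style checker in user-space C that records which locks were held at every acquisition and flags the first time a pair is taken in the reverse order (the ABBA pattern). It assumes that the other VF path (named vf_config_path here, a stand-in) takes the VF configuration lock before the LAG mutex and that the fix makes ice_reset_vf() do the same; the lock names, the checker and both modelled paths are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not ice driver or kernel code: a tiny lock-order validator
 * in the spirit of lockdep.  Lock and path names are stand-ins.
 */
enum lock_id { LOCK_VF_CFG = 0, LOCK_LAG = 1, NLOCKS = 2 };

static const char *const lock_name[NLOCKS] = { "vf->cfg_lock", "lag->mutex" };

struct order_checker {
    bool after[NLOCKS][NLOCKS]; /* after[a][b]: b was acquired while a was held */
    enum lock_id held[NLOCKS];  /* locks currently held, in acquisition order */
    int nheld;
    int inversions;             /* number of order inversions reported so far */
};

static void checker_init(struct order_checker *c)
{
    memset(c, 0, sizeof(*c));
}

/* Model acquiring lock l in context `who`; returns false on an order inversion. */
static bool checker_acquire(struct order_checker *c, enum lock_id l, const char *who)
{
    bool ok = true;

    for (int i = 0; i < c->nheld; i++) {
        enum lock_id h = c->held[i];

        /* Some earlier path took h while holding l; now l is taken while holding h. */
        if (c->after[l][h]) {
            printf("%s: possible circular locking dependency: %s -> %s, "
                   "but %s -> %s was seen before\n",
                   who, lock_name[h], lock_name[l], lock_name[l], lock_name[h]);
            c->inversions++;
            ok = false;
        }
        c->after[h][l] = true;  /* remember the dependency h -> l */
    }
    if (c->nheld < NLOCKS)
        c->held[c->nheld++] = l;
    return ok;
}

static void checker_release(struct order_checker *c, enum lock_id l)
{
    for (int i = 0; i < c->nheld; i++) {
        if (c->held[i] == l) {
            memmove(&c->held[i], &c->held[i + 1],
                    (size_t)(c->nheld - i - 1) * sizeof(c->held[0]));
            c->nheld--;
            return;
        }
    }
}

/* Assumed other VF path: VF configuration lock first, then the LAG mutex. */
static void vf_config_path(struct order_checker *c)
{
    checker_acquire(c, LOCK_VF_CFG, "vf_config_path");
    checker_acquire(c, LOCK_LAG, "vf_config_path");
    checker_release(c, LOCK_LAG);
    checker_release(c, LOCK_VF_CFG);
}

/* ice_reset_vf() as modelled before the fix: LAG mutex, then VF configuration lock. */
static void reset_vf_before_fix(struct order_checker *c)
{
    checker_acquire(c, LOCK_LAG, "ice_reset_vf(before)");
    checker_acquire(c, LOCK_VF_CFG, "ice_reset_vf(before)");
    checker_release(c, LOCK_VF_CFG);
    checker_release(c, LOCK_LAG);
}

/* ice_reset_vf() as modelled after the fix: same order as the other path. */
static void reset_vf_after_fix(struct order_checker *c)
{
    checker_acquire(c, LOCK_VF_CFG, "ice_reset_vf(after)");
    checker_acquire(c, LOCK_LAG, "ice_reset_vf(after)");
    checker_release(c, LOCK_LAG);
    checker_release(c, LOCK_VF_CFG);
}

/* Run both paths one after another, as lockdep would see them; return inversions found. */
static int count_inversions(void (*reset_vf)(struct order_checker *))
{
    struct order_checker c;

    checker_init(&c);
    vf_config_path(&c);
    reset_vf(&c);
    return c.inversions;
}

int main(void)
{
    printf("before fix: %d inversion(s)\n", count_inversions(reset_vf_before_fix));
    printf("after fix:  %d inversion(s)\n", count_inversions(reset_vf_after_fix));
    return 0;
}
```

Note that the checker, like lockdep, needs no actual concurrent interleaving: running the two paths sequentially is enough to expose the cycle, which is the practical reason to exercise VF create, reset and remove under CONFIG_PROVE_LOCKING rather than waiting for the timing that hangs a machine in production.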

Description Robb Gatica 2024-05-20 17:35:42 UTC
In the Linux kernel, the following vulnerability has been resolved:

ice: fix LAG and VF lock dependency in ice_reset_vf()

The Linux kernel CVE team has assigned CVE-2024-36003 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052024-CVE-2024-36003-33b4@gregkh/T

Comment 1 Robb Gatica 2024-05-20 17:36:17 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2281959]

Comment 3 errata-xmlrpc 2024-08-28 12:20:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:5928 https://access.redhat.com/errata/RHSA-2024:5928