Bug 2293686 (CVE-2024-37353)
| Summary: | CVE-2024-37353 kernel: virtio: delete vq in vp_find_vqs_msix() when request_irq() fails | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, mbenatto, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 4.19.316, kernel 5.4.278, kernel 5.10.219, kernel 5.15.161, kernel 6.1.93, kernel 6.6.33, kernel 6.9.4, kernel 6.10-rc1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
[REJECTED CVE] A resource management issue exists in the Linux Kernel's virtio module. When request_irq() fails in vp_find_vqs_msix(), the cleanup path incorrectly attempts to free an already released IRQ, resulting in warnings and potential system instability. This issue arises from the mishandling of virtual queue deletion during error handling.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2293939 | ||
|
Description
Patrick Del Bello
2024-06-21 19:10:45 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:5363 https://access.redhat.com/errata/RHSA-2024:5363 This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2024082213-REJECTED-915e@gregkh/T/#u |