AZL-48252

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-48252.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-48252

Upstream

CVE-2024-38553

Published

2024-06-19T14:15:15Z

Modified

2026-04-01T05:17:10.100118Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-38553 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: fec: remove .ndopollcontroller to avoid deadlocks

There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b ("eth: sungem: remove .ndopollcontroller to avoid deadlocks"). The root cause of the issue is that netpoll is in atomic context and disableirq() is called by .ndopollcontroller interface of sungem driver, however, disableirq() might sleep. After analyzing the implementation of fecpollcontroller(), the fec driver should have the same issue. Due to the fec driver uses NAPI for TX completions, the .ndopollcontroller is unnecessary to be implemented in the fec driver, so fecpollcontroller() can be safely removed.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-38553

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-48252.json"