CVE-2024-26775

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-26775

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26775.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-26775

Downstream

AZL-54978

BELL-CVE-2024-26775

DEBIAN-CVE-2024-26775

ROOT-OS-DEBIAN-11-CVE-2024-26775

ROOT-OS-UBUNTU-2204-CVE-2024-26775

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

UBUNTU-CVE-2024-26775

USN-7774-1

USN-7774-2

USN-7774-3

USN-7774-4

USN-7774-5

USN-7775-1

USN-7775-2

USN-7775-3

USN-7776-1

Related

Published

2024-04-03T17:01:01.299Z

Modified

2026-05-28T03:54:24.035300686Z

Summary

aoe: avoid potential deadlock at set_capacity

Details

In the Linux kernel, the following vulnerability has been resolved:

aoe: avoid potential deadlock at set_capacity

Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario:

    CPU0                    CPU1
    ----                    ----

[1] lock(&bdev->bdsizelock); localirqdisable(); [2] lock(&d->lock); [3] lock(&bdev->bdsizelock); <Interrupt> [4] lock(&d->lock);

*** DEADLOCK ***

Where 1 hold by zramadd()->setcapacity(). [2]lock(&d->lock) hold by aoeblkgdalloc(). And aoeblkgdalloc() is trying to acquire 3 at setcapacity() call. In this situation an attempt to acquire [4]lock(&d->lock) from aoecmdcfg_rsp() will lead to deadlock.

So the simplest solution is breaking lock dependency 2 -> 3 by moving set_capacity() outside.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26775.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a782483cc1f875355690625d8253a232f2581418

Fixed

2499fa286fb010ceb289950050199f33c26667b9

Fixed

2d623c94fbba3554f4446ba6f3c764994e8b0d26

Fixed

673629018ba04906899dcb631beec34d871f709c

Fixed

19a77b27163820f793b4d022979ffdca8f659b77

Fixed

e169bd4fb2b36c4b2bee63c35c740c85daeb2e86

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26775.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.189

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.80

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.19

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.7.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26775.json"