CVE-2024-50135
- Source
- https://cve.org/CVERecord?id=CVE-2024-50135
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50135.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50135
- Downstream
- Related
- Published
- 2024-11-05T17:10:59.591Z
- Modified
- 2026-03-20T12:39:35.831618Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- nvme-pci: fix race condition between reset and nvme_dev_disable()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: fix race condition between reset and nvmedevdisable()
nvmedevdisable() modifies the dev->onlinequeues field, therefore nvmepciupdatenrqueues() should avoid racing against it, otherwise we could end up passing invalid values to blkmqupdatenrhwqueues().
WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347 pciirqgetaffinity+0x187/0x210 Workqueue: nvme-reset-wq nvmeresetwork [nvme] RIP: 0010:pciirqgetaffinity+0x187/0x210 Call Trace: <TASK> ? blkmqpcimapqueues+0x87/0x3c0 ? pciirqgetaffinity+0x187/0x210 blkmqpcimapqueues+0x87/0x3c0 nvmepcimapqueues+0x189/0x460 [nvme] blkmqupdatenrhwqueues+0x2a/0x40 nvmereset_work+0x1be/0x2a0 [nvme]
Fix the bug by locking the shutdownlock mutex before using dev->onlinequeues. Give up if nvmedevdisable() is running or if it has been executed already.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50135.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/26bc0a81f64ce00fc4342c38eeb2eddaad084dd2
- https://git.kernel.org/stable/c/4ed32cc0939b64e3d7b48c8c0d63ea038775f304
- https://git.kernel.org/stable/c/b33e49a5f254474b33ce98fd45dd0ffdc247a0be
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50135.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-50135
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git