Deadlock Vulnerability in Linux Kernel SCSI Megaraid_sas Driver
CVE-2024-57807

5.5 MEDIUM

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 11 January 2025

What is CVE-2024-57807?

A deadlock vulnerability has been identified in the Linux kernel's SCSI megaraid_sas driver, where a possible circular locking dependency could lead to system instability. A circular dependency arises when two or more locks are taken in such a way that each holder is waiting for the other to release its lock, potentially causing a complete standstill in system operations. The fix releases reset_mutex temporarily to prevent the deadlock condition, thereby improving the overall resilience and performance of the SCSI subsystem.
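The circular dependency described above can be modelled with a small lock-order tracker that records which lock is taken while another is held and flags a cycle. This is an added example, not code from the kernel or from the fix; `OTHER_LOCK` and both code paths are hypothetical stand-ins, since the page names only `reset_mutex`.

```c
#include <stdbool.h>
#include <stdio.h>

/* OTHER_LOCK is a hypothetical second lock; the page names only reset_mutex. */
enum { RESET_MUTEX, OTHER_LOCK, NLOCKS };
struct tracker {
    bool edge[NLOCKS][NLOCKS]; /* edge[a][b]: b was taken while a was held */
    bool held[NLOCKS], cycle;  /* cycle: set once a circular dependency is seen */
};

/* Depth-first search: is `to` reachable from `from` along recorded edges? */
static bool reaches(const struct tracker *t, int from, int to, bool *seen) {
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < NLOCKS; n++)
        if (t->edge[from][n] && !seen[n] && reaches(t, n, to, seen)) return true;
    return false;
}
static void acquire(struct tracker *t, int lock) {
    for (int h = 0; h < NLOCKS; h++) {
        if (!t->held[h] || h == lock) continue;
        bool seen[NLOCKS] = { false };
        if (reaches(t, lock, h, seen)) t->cycle = true; /* lock leads back to h */
        t->edge[h][lock] = true;                        /* record order h -> lock */
    }
    t->held[lock] = true;
}
static void release(struct tracker *t, int lock) { t->held[lock] = false; }
/* Hypothetical path A: takes OTHER_LOCK, then reset_mutex. */
static void path_a(struct tracker *t) {
    acquire(t, OTHER_LOCK); acquire(t, RESET_MUTEX);
    release(t, RESET_MUTEX); release(t, OTHER_LOCK);
}
/* Hypothetical path B: needs OTHER_LOCK inside a reset_mutex section.
 * With `drop` set, reset_mutex is released temporarily around that step. */
static void path_b(struct tracker *t, bool drop) {
    acquire(t, RESET_MUTEX);
    if (drop) release(t, RESET_MUTEX);
    acquire(t, OTHER_LOCK); release(t, OTHER_LOCK);
    if (drop) acquire(t, RESET_MUTEX);
    release(t, RESET_MUTEX);
}
bool has_cycle(bool drop) {
    struct tracker t = { 0 };
    path_a(&t); path_b(&t, drop);
    return t.cycle;
}
int main(void) {
    printf("held=%d dropped=%d\n", has_cycle(false), has_cycle(true));
    return 0;
}
```

The tracker reports a cycle from the recorded lock order alone, without the two paths ever running concurrently, which is why such a dependency is described as "possible".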

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 78afb9bfad00c4aa58a424111d7edbcab9452f2b

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3c654998a3e8167a58b6c6fede545fe400a4b554

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
