{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: do not wait in vain when unloading module\n\nThe module exit path has race between deleting all controllers and\nfreeing 'left over IDs'. To prevent double free a synchronization\nbetween nvme_delete_ctrl and ida_destroy has been added by the initial\ncommit.\n\nThere is some logic around trying to prevent from hanging forever in\nwait_for_completion, though it does not handling all cases. E.g.\nblktests is able to reproduce the situation where the module unload\nhangs forever.\n\nIf we completely rely on the cleanup code executed from the\nnvme_delete_ctrl path, all IDs will be freed eventually. This makes\ncalling ida_destroy unnecessary. We only have to ensure that all\nnvme_delete_ctrl code has been executed before we leave\nnvme_fc_exit_module. This is done by flushing the nvme_delete_wq\nworkqueue.\n\nWhile at it, remove the unused nvme_fc_wq workqueue too." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/nvme/host/fc.c" ], "versions": [ { "version": "1da177e4c3f4", "lessThan": "4f2c95015ec2", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "0bf567d6d9ff", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "085195aa90a9", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "baa6b7eb8c66", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "c0882c366418", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f4", "lessThan": "70fbfc47a392", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/nvme/host/fc.c" ], "versions": [ { "version": "5.10.211", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.1.80", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.6.19", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.7.7", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/4f2c95015ec2a1899161be6c0bdaecedd5a7bfb2" }, { "url": "https://git.kernel.org/stable/c/0bf567d6d9ffe09e059bbdfb4d07143cef42c75c" }, { "url": "https://git.kernel.org/stable/c/085195aa90a924c79e35569bcdad860d764a8e17" }, { "url": "https://git.kernel.org/stable/c/baa6b7eb8c66486bd64608adc63fe03b30d3c0b9" }, { "url": "https://git.kernel.org/stable/c/c0882c366418bf9c19e1ba7f270fe377a9bf5d67" }, { "url": "https://git.kernel.org/stable/c/70fbfc47a392b98e5f8dba70c6efc6839205c982" } ], "title": "nvme-fc: do not wait in vain when unloading module", "x_generator": { "engine": "bippy-a5840b7849dd" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2024-26846", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }