CVE-2024-26627
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2024-12-19 08:43
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host lock every time for deciding if error handler kthread needs to be waken up. This can be too heavy in case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each scsi_host_busy() iterates over (N * M) tag/requests If recovery is triggered in case that all requests are in-flight, each scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called for the last in-flight request, scsi_host_busy() has been run for (N * M - 1) times, and request has been iterated for (N*M - 1) * (N * M) times. If both N and M are big enough, hard lockup can be triggered on acquiring host lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169). Fix the issue by calling scsi_host_busy() outside the host lock. We don't need the host lock for getting busy count because host the lock never covers that. [mkp: Drop unnecessary 'busy' variables pointed out by Bart]
Impacted products
Vendor Product Version
Linux Linux Version: 5.5
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26627",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T15:54:15.450474Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T15:10:07.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/scsi_error.c",
            "drivers/scsi/scsi_lib.c",
            "drivers/scsi/scsi_priv.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f5944853f7a961fedc1227dc8f60393f8936d37c",
              "status": "affected",
              "version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
              "versionType": "git"
            },
            {
              "lessThan": "d37c1c81419fdef66ebd0747cf76fb8b7d979059",
              "status": "affected",
              "version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
              "versionType": "git"
            },
            {
              "lessThan": "db6338f45971b4285ea368432a84033690eaf53c",
              "status": "affected",
              "version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
              "versionType": "git"
            },
            {
              "lessThan": "65ead8468c21c2676d4d06f50b46beffdea69df1",
              "status": "affected",
              "version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
              "versionType": "git"
            },
            {
              "lessThan": "07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb",
              "status": "affected",
              "version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
              "versionType": "git"
            },
            {
              "lessThan": "4373534a9850627a2695317944898eb1283a2db0",
              "status": "affected",
              "version": "6eb045e092efefafc6687409a6fa6d1dabf0fb69",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/scsi_error.c",
            "drivers/scsi/scsi_lib.c",
            "drivers/scsi/scsi_priv.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\n\nInside scsi_eh_wakeup(), scsi_host_busy() is called \u0026 checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\n\nThis can be too heavy in case of recovery, such as:\n\n - N hardware queues\n\n - queue depth is M for each hardware queue\n\n - each scsi_host_busy() iterates over (N * M) tag/requests\n\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\n\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\n\nFix the issue by calling scsi_host_busy() outside the host lock. We don\u0027t\nneed the host lock for getting busy count because host the lock never\ncovers that.\n\n[mkp: Drop unnecessary \u0027busy\u0027 variables pointed out by Bart]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:43:48.159Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059"
        },
        {
          "url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c"
        },
        {
          "url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1"
        },
        {
          "url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0"
        }
      ],
      "title": "scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26627",
    "datePublished": "2024-03-06T06:45:34.339Z",
    "dateReserved": "2024-02-19T14:20:24.135Z",
    "dateUpdated": "2024-12-19T08:43:48.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26627\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-06T07:15:12.973\",\"lastModified\":\"2024-11-21T09:02:43.143\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\\n\\nInside scsi_eh_wakeup(), scsi_host_busy() is called \u0026 checked with host\\nlock every time for deciding if error handler kthread needs to be waken up.\\n\\nThis can be too heavy in case of recovery, such as:\\n\\n - N hardware queues\\n\\n - queue depth is M for each hardware queue\\n\\n - each scsi_host_busy() iterates over (N * M) tag/requests\\n\\nIf recovery is triggered in case that all requests are in-flight, each\\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\\n\\nIf both N and M are big enough, hard lockup can be triggered on acquiring\\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\\n\\nFix the issue by calling scsi_host_busy() outside the host lock. We don\u0027t\\nneed the host lock for getting busy count because host the lock never\\ncovers that.\\n\\n[mkp: Drop unnecessary \u0027busy\u0027 variables pointed out by Bart]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: Saque scsi_host_busy() del bloqueo del host para activar el controlador EH Dentro de scsi_eh_wakeup(), se llama a scsi_host_busy() y se verifica con el bloqueo del host cada vez para decidir si se produce un error. Es necesario activar el controlador kthread. Esto puede ser demasiado pesado en caso de recuperaci\u00f3n, como por ejemplo: - N colas de hardware - la profundidad de la cola es M para cada cola de hardware - cada scsi_host_busy() itera sobre (N * M) etiquetas/solicitudes Si la recuperaci\u00f3n se activa en caso de que todas las solicitudes est\u00e1n en curso, cada scsi_eh_wakeup() est\u00e1 estrictamente serializado, cuando se llama a scsi_eh_wakeup() para la \u00faltima solicitud en curso, scsi_host_busy() se ha ejecutado (N * M - 1) veces y la solicitud se ha iterado durante ( N*M - 1) * (N * M) veces. Si tanto N como M son lo suficientemente grandes, se puede activar un bloqueo duro al adquirir el bloqueo del host, y se observa en mpi3mr (128 colas hw, profundidad de cola 8169). Solucione el problema llamando a scsi_host_busy() fuera del bloqueo del host. No necesitamos el bloqueo del host para obtener el recuento de ocupaci\u00f3n porque el bloqueo del host nunca cubre eso. [mkp: elimine las variables \u0027ocupadas\u0027 innecesarias se\u00f1aladas por Bart]\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.