CVE-2024-42294 (GCVE-0-2024-42294)

Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2026-05-11 20:29
VLAI
Title
block: fix deadlock between sd_remove & sd_release
Summary
In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sd_remove & sd_release Our test report the following hung task: [ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q->mq_freeze_depth bdev_release mutex_lock(&disk->open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q->mq_freeze_depth) mutex_lock(&disk->open_mutex) SCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in this scenario. This is a classic ABBA deadlock. To fix the deadlock, make sure we don't try to acquire disk->open_mutex after freezing the queue.
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: eec1be4c30df73238b936fa9f3653773a6f8b15c , < 5a5625a83eac91fdff1d5f0202ecfc45a31983c9 (git)
Affected: eec1be4c30df73238b936fa9f3653773a6f8b15c , < f5418f48a93b69ed9e6a2281eee06b412f14a544 (git)
Affected: eec1be4c30df73238b936fa9f3653773a6f8b15c , < 7e04da2dc7013af50ed3a2beb698d5168d1e594b (git)
Create a notification for this product.
Linux Linux Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 6.6.44 , ≤ 6.6.* (semver)
Unaffected: 6.10.3 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:10:53.890596Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:29.244Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/genhd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a5625a83eac91fdff1d5f0202ecfc45a31983c9",
              "status": "affected",
              "version": "eec1be4c30df73238b936fa9f3653773a6f8b15c",
              "versionType": "git"
            },
            {
              "lessThan": "f5418f48a93b69ed9e6a2281eee06b412f14a544",
              "status": "affected",
              "version": "eec1be4c30df73238b936fa9f3653773a6f8b15c",
              "versionType": "git"
            },
            {
              "lessThan": "7e04da2dc7013af50ed3a2beb698d5168d1e594b",
              "status": "affected",
              "version": "eec1be4c30df73238b936fa9f3653773a6f8b15c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/genhd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.44",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.3",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between sd_remove \u0026 sd_release\n\nOur test report the following hung task:\n\n[ 2538.459400] INFO: task \"kworker/0:0\":7 blocked for more than 188 seconds.\n[ 2538.459427] Call trace:\n[ 2538.459430]  __switch_to+0x174/0x338\n[ 2538.459436]  __schedule+0x628/0x9c4\n[ 2538.459442]  schedule+0x7c/0xe8\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\n[ 2538.459459]  mutex_lock+0x30/0xd8\n[ 2538.459462]  del_gendisk+0xdc/0x350\n[ 2538.459466]  sd_remove+0x30/0x60\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459474]  device_release_driver+0x18/0x28\n[ 2538.459478]  bus_remove_device+0x15c/0x174\n[ 2538.459483]  device_del+0x1d0/0x358\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\n[ 2538.459493]  scsi_forget_host+0x50/0x70\n[ 2538.459497]  scsi_remove_host+0x80/0x180\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\n[ 2538.459514]  device_release_driver+0x18/0x28\n[ 2538.459518]  bus_remove_device+0x15c/0x174\n[ 2538.459523]  device_del+0x1d0/0x358\n[ 2538.459528]  usb_disable_device+0x84/0x194\n[ 2538.459532]  usb_disconnect+0xec/0x300\n[ 2538.459537]  hub_event+0xb80/0x1870\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\n[ 2538.459545]  worker_thread+0x244/0x334\n[ 2538.459549]  kthread+0x114/0x1bc\n\n[ 2538.461001] INFO: task \"fsck.\":15415 blocked for more than 188 seconds.\n[ 2538.461014] Call trace:\n[ 2538.461016]  __switch_to+0x174/0x338\n[ 2538.461021]  __schedule+0x628/0x9c4\n[ 2538.461025]  schedule+0x7c/0xe8\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\n[ 2538.461051]  sd_release+0x50/0x94\n[ 2538.461054]  blkdev_put+0x190/0x28c\n[ 2538.461058]  blkdev_release+0x28/0x40\n[ 2538.461063]  __fput+0xf8/0x2a8\n[ 2538.461066]  __fput_sync+0x28/0x5c\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\n[ 2538.461073]  invoke_syscall+0x58/0x114\n[ 2538.461078]  el0_svc_common+0xac/0xe0\n[ 2538.461082]  do_el0_svc+0x1c/0x28\n[ 2538.461087]  el0_svc+0x38/0x68\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\n\n  T1:\t\t\t\tT2:\n  sd_remove\n  del_gendisk\n  __blk_mark_disk_dead\n  blk_freeze_queue_start\n  ++q-\u003emq_freeze_depth\n  \t\t\t\tbdev_release\n \t\t\t\tmutex_lock(\u0026disk-\u003eopen_mutex)\n  \t\t\t\tsd_release\n \t\t\t\tscsi_execute_cmd\n \t\t\t\tblk_queue_enter\n \t\t\t\twait_event(!q-\u003emq_freeze_depth)\n  mutex_lock(\u0026disk-\u003eopen_mutex)\n\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\nmake sure we don\u0027t try to acquire disk-\u003eopen_mutex after freezing\nthe queue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:29:35.508Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b"
        }
      ],
      "title": "block: fix deadlock between sd_remove \u0026 sd_release",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42294",
    "datePublished": "2024-08-17T09:09:02.984Z",
    "dateReserved": "2024-07-30T07:40:12.269Z",
    "dateUpdated": "2026-05-11T20:29:35.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-42294",
      "date": "2026-06-19",
      "epss": "0.00172",
      "percentile": "0.0679"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.5\", \"versionEndExcluding\": \"6.6.44\", \"matchCriteriaId\": \"9C43C45E-798F-4F27-A7BF-764CEB4C1BC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.10.3\", \"matchCriteriaId\": \"92D388F2-1EAF-4CFA-AC06-5B26D762EA7D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nblock: fix deadlock between sd_remove \u0026 sd_release\\n\\nOur test report the following hung task:\\n\\n[ 2538.459400] INFO: task \\\"kworker/0:0\\\":7 blocked for more than 188 seconds.\\n[ 2538.459427] Call trace:\\n[ 2538.459430]  __switch_to+0x174/0x338\\n[ 2538.459436]  __schedule+0x628/0x9c4\\n[ 2538.459442]  schedule+0x7c/0xe8\\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\\n[ 2538.459459]  mutex_lock+0x30/0xd8\\n[ 2538.459462]  del_gendisk+0xdc/0x350\\n[ 2538.459466]  sd_remove+0x30/0x60\\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\\n[ 2538.459474]  device_release_driver+0x18/0x28\\n[ 2538.459478]  bus_remove_device+0x15c/0x174\\n[ 2538.459483]  device_del+0x1d0/0x358\\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\\n[ 2538.459493]  scsi_forget_host+0x50/0x70\\n[ 2538.459497]  scsi_remove_host+0x80/0x180\\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\\n[ 2538.459514]  device_release_driver+0x18/0x28\\n[ 2538.459518]  bus_remove_device+0x15c/0x174\\n[ 2538.459523]  device_del+0x1d0/0x358\\n[ 2538.459528]  usb_disable_device+0x84/0x194\\n[ 2538.459532]  usb_disconnect+0xec/0x300\\n[ 2538.459537]  hub_event+0xb80/0x1870\\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\\n[ 2538.459545]  worker_thread+0x244/0x334\\n[ 2538.459549]  kthread+0x114/0x1bc\\n\\n[ 2538.461001] INFO: task \\\"fsck.\\\":15415 blocked for more than 188 seconds.\\n[ 2538.461014] Call trace:\\n[ 2538.461016]  __switch_to+0x174/0x338\\n[ 2538.461021]  __schedule+0x628/0x9c4\\n[ 2538.461025]  schedule+0x7c/0xe8\\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\\n[ 2538.461051]  sd_release+0x50/0x94\\n[ 2538.461054]  blkdev_put+0x190/0x28c\\n[ 2538.461058]  blkdev_release+0x28/0x40\\n[ 2538.461063]  __fput+0xf8/0x2a8\\n[ 2538.461066]  __fput_sync+0x28/0x5c\\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\\n[ 2538.461073]  invoke_syscall+0x58/0x114\\n[ 2538.461078]  el0_svc_common+0xac/0xe0\\n[ 2538.461082]  do_el0_svc+0x1c/0x28\\n[ 2538.461087]  el0_svc+0x38/0x68\\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\\n\\n  T1:\\t\\t\\t\\tT2:\\n  sd_remove\\n  del_gendisk\\n  __blk_mark_disk_dead\\n  blk_freeze_queue_start\\n  ++q-\u003emq_freeze_depth\\n  \\t\\t\\t\\tbdev_release\\n \\t\\t\\t\\tmutex_lock(\u0026disk-\u003eopen_mutex)\\n  \\t\\t\\t\\tsd_release\\n \\t\\t\\t\\tscsi_execute_cmd\\n \\t\\t\\t\\tblk_queue_enter\\n \\t\\t\\t\\twait_event(!q-\u003emq_freeze_depth)\\n  mutex_lock(\u0026disk-\u003eopen_mutex)\\n\\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\\nmake sure we don\u0027t try to acquire disk-\u003eopen_mutex after freezing\\nthe queue.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: bloquear: soluciona el punto muerto entre sd_remove y sd_release Nuestra prueba informa la siguiente tarea colgada: [ 2538.459400] INFO: task \\\"kworker/0:0\\\":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task \\\"fsck.\\\":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q-\u0026gt;mq_freeze_depth bdev_release mutex_lock(\u0026amp;disk-\u0026gt;open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q-\u0026gt;mq_freeze_depth) mutex_lock(\u0026amp;disk-\u0026gt;open_mutex) SCSI no configura GD_OWNS_QUEUE, por lo que QUEUE_FLAG_DYING no est\\u00e1 configurado en este escenario. Este es un cl\\u00e1sico punto muerto de ABBA. Para solucionar el punto muerto, aseg\\u00farese de no intentar adquirir disco-\u0026gt;open_mutex despu\\u00e9s de congelar la cola.\"}]",
      "id": "CVE-2024-42294",
      "lastModified": "2024-08-19T19:43:22.460",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-08-17T09:15:09.947",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-42294\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-17T09:15:09.947\",\"lastModified\":\"2024-08-19T19:43:22.460\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nblock: fix deadlock between sd_remove \u0026 sd_release\\n\\nOur test report the following hung task:\\n\\n[ 2538.459400] INFO: task \\\"kworker/0:0\\\":7 blocked for more than 188 seconds.\\n[ 2538.459427] Call trace:\\n[ 2538.459430]  __switch_to+0x174/0x338\\n[ 2538.459436]  __schedule+0x628/0x9c4\\n[ 2538.459442]  schedule+0x7c/0xe8\\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\\n[ 2538.459459]  mutex_lock+0x30/0xd8\\n[ 2538.459462]  del_gendisk+0xdc/0x350\\n[ 2538.459466]  sd_remove+0x30/0x60\\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\\n[ 2538.459474]  device_release_driver+0x18/0x28\\n[ 2538.459478]  bus_remove_device+0x15c/0x174\\n[ 2538.459483]  device_del+0x1d0/0x358\\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\\n[ 2538.459493]  scsi_forget_host+0x50/0x70\\n[ 2538.459497]  scsi_remove_host+0x80/0x180\\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\\n[ 2538.459514]  device_release_driver+0x18/0x28\\n[ 2538.459518]  bus_remove_device+0x15c/0x174\\n[ 2538.459523]  device_del+0x1d0/0x358\\n[ 2538.459528]  usb_disable_device+0x84/0x194\\n[ 2538.459532]  usb_disconnect+0xec/0x300\\n[ 2538.459537]  hub_event+0xb80/0x1870\\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\\n[ 2538.459545]  worker_thread+0x244/0x334\\n[ 2538.459549]  kthread+0x114/0x1bc\\n\\n[ 2538.461001] INFO: task \\\"fsck.\\\":15415 blocked for more than 188 seconds.\\n[ 2538.461014] Call trace:\\n[ 2538.461016]  __switch_to+0x174/0x338\\n[ 2538.461021]  __schedule+0x628/0x9c4\\n[ 2538.461025]  schedule+0x7c/0xe8\\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\\n[ 2538.461051]  sd_release+0x50/0x94\\n[ 2538.461054]  blkdev_put+0x190/0x28c\\n[ 2538.461058]  blkdev_release+0x28/0x40\\n[ 2538.461063]  __fput+0xf8/0x2a8\\n[ 2538.461066]  __fput_sync+0x28/0x5c\\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\\n[ 2538.461073]  invoke_syscall+0x58/0x114\\n[ 2538.461078]  el0_svc_common+0xac/0xe0\\n[ 2538.461082]  do_el0_svc+0x1c/0x28\\n[ 2538.461087]  el0_svc+0x38/0x68\\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\\n\\n  T1:\\t\\t\\t\\tT2:\\n  sd_remove\\n  del_gendisk\\n  __blk_mark_disk_dead\\n  blk_freeze_queue_start\\n  ++q-\u003emq_freeze_depth\\n  \\t\\t\\t\\tbdev_release\\n \\t\\t\\t\\tmutex_lock(\u0026disk-\u003eopen_mutex)\\n  \\t\\t\\t\\tsd_release\\n \\t\\t\\t\\tscsi_execute_cmd\\n \\t\\t\\t\\tblk_queue_enter\\n \\t\\t\\t\\twait_event(!q-\u003emq_freeze_depth)\\n  mutex_lock(\u0026disk-\u003eopen_mutex)\\n\\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\\nmake sure we don\u0027t try to acquire disk-\u003eopen_mutex after freezing\\nthe queue.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bloquear: soluciona el punto muerto entre sd_remove y sd_release Nuestra prueba informa la siguiente tarea colgada: [ 2538.459400] INFO: task \\\"kworker/0:0\\\":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task \\\"fsck.\\\":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q-\u0026gt;mq_freeze_depth bdev_release mutex_lock(\u0026amp;disk-\u0026gt;open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q-\u0026gt;mq_freeze_depth) mutex_lock(\u0026amp;disk-\u0026gt;open_mutex) SCSI no configura GD_OWNS_QUEUE, por lo que QUEUE_FLAG_DYING no est\u00e1 configurado en este escenario. Este es un cl\u00e1sico punto muerto de ABBA. Para solucionar el punto muerto, aseg\u00farese de no intentar adquirir disco-\u0026gt;open_mutex despu\u00e9s de congelar la cola.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.5\",\"versionEndExcluding\":\"6.6.44\",\"matchCriteriaId\":\"9C43C45E-798F-4F27-A7BF-764CEB4C1BC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.3\",\"matchCriteriaId\":\"92D388F2-1EAF-4CFA-AC06-5B26D762EA7D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-42294\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:10:53.890596Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:23.654Z\"}}], \"cna\": {\"title\": \"block: fix deadlock between sd_remove \u0026 sd_release\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"eec1be4c30df73238b936fa9f3653773a6f8b15c\", \"lessThan\": \"5a5625a83eac91fdff1d5f0202ecfc45a31983c9\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"eec1be4c30df73238b936fa9f3653773a6f8b15c\", \"lessThan\": \"f5418f48a93b69ed9e6a2281eee06b412f14a544\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"eec1be4c30df73238b936fa9f3653773a6f8b15c\", \"lessThan\": \"7e04da2dc7013af50ed3a2beb698d5168d1e594b\", \"versionType\": \"git\"}], \"programFiles\": [\"block/genhd.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.5\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.5\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.6.44\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"block/genhd.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/5a5625a83eac91fdff1d5f0202ecfc45a31983c9\"}, {\"url\": \"https://git.kernel.org/stable/c/f5418f48a93b69ed9e6a2281eee06b412f14a544\"}, {\"url\": \"https://git.kernel.org/stable/c/7e04da2dc7013af50ed3a2beb698d5168d1e594b\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nblock: fix deadlock between sd_remove \u0026 sd_release\\n\\nOur test report the following hung task:\\n\\n[ 2538.459400] INFO: task \\\"kworker/0:0\\\":7 blocked for more than 188 seconds.\\n[ 2538.459427] Call trace:\\n[ 2538.459430]  __switch_to+0x174/0x338\\n[ 2538.459436]  __schedule+0x628/0x9c4\\n[ 2538.459442]  schedule+0x7c/0xe8\\n[ 2538.459447]  schedule_preempt_disabled+0x24/0x40\\n[ 2538.459453]  __mutex_lock+0x3ec/0xf04\\n[ 2538.459456]  __mutex_lock_slowpath+0x14/0x24\\n[ 2538.459459]  mutex_lock+0x30/0xd8\\n[ 2538.459462]  del_gendisk+0xdc/0x350\\n[ 2538.459466]  sd_remove+0x30/0x60\\n[ 2538.459470]  device_release_driver_internal+0x1c4/0x2c4\\n[ 2538.459474]  device_release_driver+0x18/0x28\\n[ 2538.459478]  bus_remove_device+0x15c/0x174\\n[ 2538.459483]  device_del+0x1d0/0x358\\n[ 2538.459488]  __scsi_remove_device+0xa8/0x198\\n[ 2538.459493]  scsi_forget_host+0x50/0x70\\n[ 2538.459497]  scsi_remove_host+0x80/0x180\\n[ 2538.459502]  usb_stor_disconnect+0x68/0xf4\\n[ 2538.459506]  usb_unbind_interface+0xd4/0x280\\n[ 2538.459510]  device_release_driver_internal+0x1c4/0x2c4\\n[ 2538.459514]  device_release_driver+0x18/0x28\\n[ 2538.459518]  bus_remove_device+0x15c/0x174\\n[ 2538.459523]  device_del+0x1d0/0x358\\n[ 2538.459528]  usb_disable_device+0x84/0x194\\n[ 2538.459532]  usb_disconnect+0xec/0x300\\n[ 2538.459537]  hub_event+0xb80/0x1870\\n[ 2538.459541]  process_scheduled_works+0x248/0x4dc\\n[ 2538.459545]  worker_thread+0x244/0x334\\n[ 2538.459549]  kthread+0x114/0x1bc\\n\\n[ 2538.461001] INFO: task \\\"fsck.\\\":15415 blocked for more than 188 seconds.\\n[ 2538.461014] Call trace:\\n[ 2538.461016]  __switch_to+0x174/0x338\\n[ 2538.461021]  __schedule+0x628/0x9c4\\n[ 2538.461025]  schedule+0x7c/0xe8\\n[ 2538.461030]  blk_queue_enter+0xc4/0x160\\n[ 2538.461034]  blk_mq_alloc_request+0x120/0x1d4\\n[ 2538.461037]  scsi_execute_cmd+0x7c/0x23c\\n[ 2538.461040]  ioctl_internal_command+0x5c/0x164\\n[ 2538.461046]  scsi_set_medium_removal+0x5c/0xb0\\n[ 2538.461051]  sd_release+0x50/0x94\\n[ 2538.461054]  blkdev_put+0x190/0x28c\\n[ 2538.461058]  blkdev_release+0x28/0x40\\n[ 2538.461063]  __fput+0xf8/0x2a8\\n[ 2538.461066]  __fput_sync+0x28/0x5c\\n[ 2538.461070]  __arm64_sys_close+0x84/0xe8\\n[ 2538.461073]  invoke_syscall+0x58/0x114\\n[ 2538.461078]  el0_svc_common+0xac/0xe0\\n[ 2538.461082]  do_el0_svc+0x1c/0x28\\n[ 2538.461087]  el0_svc+0x38/0x68\\n[ 2538.461090]  el0t_64_sync_handler+0x68/0xbc\\n[ 2538.461093]  el0t_64_sync+0x1a8/0x1ac\\n\\n  T1:\\t\\t\\t\\tT2:\\n  sd_remove\\n  del_gendisk\\n  __blk_mark_disk_dead\\n  blk_freeze_queue_start\\n  ++q-\u003emq_freeze_depth\\n  \\t\\t\\t\\tbdev_release\\n \\t\\t\\t\\tmutex_lock(\u0026disk-\u003eopen_mutex)\\n  \\t\\t\\t\\tsd_release\\n \\t\\t\\t\\tscsi_execute_cmd\\n \\t\\t\\t\\tblk_queue_enter\\n \\t\\t\\t\\twait_event(!q-\u003emq_freeze_depth)\\n  mutex_lock(\u0026disk-\u003eopen_mutex)\\n\\nSCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in\\nthis scenario. This is a classic ABBA deadlock. To fix the deadlock,\\nmake sure we don\u0027t try to acquire disk-\u003eopen_mutex after freezing\\nthe queue.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.44\", \"versionStartIncluding\": \"6.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10.3\", \"versionStartIncluding\": \"6.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11\", \"versionStartIncluding\": \"6.5\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:26:09.699Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-42294\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T09:26:09.699Z\", \"dateReserved\": \"2024-07-30T07:40:12.269Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-08-17T09:09:02.984Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.