FKIE_CVE-2024-26854
Vulnerability from fkie_nvd - Published: 2024-04-17 11:15 - Updated: 2026-06-17 07:18
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: fix uninitialized dplls mutex usage
The pf->dplls.lock mutex is initialized too late, after its first use.
Move it to the top of ice_dpll_init.
Note that the "err_exit" error path destroys the mutex. And the mutex is
the last thing destroyed in ice_dpll_deinit.
This fixes the following warning with CONFIG_DEBUG_MUTEXES:
ice 0000:10:00.0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.36.0
ice 0000:10:00.0: 252.048 Gb/s available PCIe bandwidth (16.0 GT/s PCIe x16 link)
ice 0000:10:00.0: PTP init successful
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 0 PID: 410 at kernel/locking/mutex.c:587 __mutex_lock+0x773/0xd40
Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ice(+) nvme nvme_c>
CPU: 0 PID: 410 Comm: kworker/0:4 Not tainted 6.8.0-rc5+ #3
Hardware name: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 10/19/2023
Workqueue: events work_for_cpu_fn
RIP: 0010:__mutex_lock+0x773/0xd40
Code: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a>
RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff
RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffbfff
R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8
FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b5852cc000 CR3: 000000003c43a004 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
? __warn+0x84/0x170
? __mutex_lock+0x773/0xd40
? report_bug+0x1c7/0x1d0
? prb_read_valid+0x1b/0x30
? handle_bug+0x42/0x70
? exc_invalid_op+0x18/0x70
? asm_exc_invalid_op+0x1a/0x20
? __mutex_lock+0x773/0xd40
? rcu_is_watching+0x11/0x50
? __kmalloc_node_track_caller+0x346/0x490
? ice_dpll_lock_status_get+0x28/0x50 [ice]
? __pfx_ice_dpll_lock_status_get+0x10/0x10 [ice]
? ice_dpll_lock_status_get+0x28/0x50 [ice]
ice_dpll_lock_status_get+0x28/0x50 [ice]
dpll_device_get_one+0x14f/0x2e0
dpll_device_event_send+0x7d/0x150
dpll_device_register+0x124/0x180
ice_dpll_init_dpll+0x7b/0xd0 [ice]
ice_dpll_init+0x224/0xa40 [ice]
? _dev_info+0x70/0x90
ice_load+0x468/0x690 [ice]
ice_probe+0x75b/0xa10 [ice]
? _raw_spin_unlock_irqrestore+0x4f/0x80
? process_one_work+0x1a3/0x500
local_pci_probe+0x47/0xa0
work_for_cpu_fn+0x17/0x30
process_one_work+0x20d/0x500
worker_thread+0x1df/0x3e0
? __pfx_worker_thread+0x10/0x10
kthread+0x103/0x140
? __pfx_kthread+0x10/0x10
ret_from_fork+0x31/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
</TASK>
irq event stamp: 125197
hardirqs last enabled at (125197): [<ffffffff8416409d>] finish_task_switch.isra.0+0x12d/0x3d0
hardirqs last disabled at (125196): [<ffffffff85134044>] __schedule+0xea4/0x19f0
softirqs last enabled at (105334): [<ffffffff84e1e65a>] napi_get_frags_check+0x1a/0x60
softirqs last disabled at (105332): [<ffffffff84e1e65a>] napi_get_frags_check+0x1a/0x60
---[ end trace 0000000000000000 ]---
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.8 | |
| linux | linux_kernel | 6.8 | |
| linux | linux_kernel | 6.8 | |
| linux | linux_kernel | 6.8 | |
| linux | linux_kernel | 6.8 | |
| linux | linux_kernel | 6.8 |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_dpll.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "db29ceff3e25c48907016da456a7cbee6310fd83",
"status": "affected",
"version": "d7999f5ea64bb10d2857b8cbfe973be373bac7c9",
"versionType": "git"
},
{
"lessThan": "9224fc86f1776193650a33a275cac628952f80a9",
"status": "affected",
"version": "d7999f5ea64bb10d2857b8cbfe973be373bac7c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_dpll.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"affectedData": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "d7999f5ea64b"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.710"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4549F9-0160-455F-8CDC-98D38AEF6D66",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix uninitialized dplls mutex usage\n\nThe pf-\u003edplls.lock mutex is initialized too late, after its first use.\nMove it to the top of ice_dpll_init.\nNote that the \"err_exit\" error path destroys the mutex. And the mutex is\nthe last thing destroyed in ice_dpll_deinit.\nThis fixes the following warning with CONFIG_DEBUG_MUTEXES:\n\n ice 0000:10:00.0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.36.0\n ice 0000:10:00.0: 252.048 Gb/s available PCIe bandwidth (16.0 GT/s PCIe x16 link)\n ice 0000:10:00.0: PTP init successful\n ------------[ cut here ]------------\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 0 PID: 410 at kernel/locking/mutex.c:587 __mutex_lock+0x773/0xd40\n Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ice(+) nvme nvme_c\u003e\n CPU: 0 PID: 410 Comm: kworker/0:4 Not tainted 6.8.0-rc5+ #3\n Hardware name: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 10/19/2023\n Workqueue: events work_for_cpu_fn\n RIP: 0010:__mutex_lock+0x773/0xd40\n Code: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a\u003e\n RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff\n RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffbfff\n R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8\n FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055b5852cc000 CR3: 000000003c43a004 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x84/0x170\n ? __mutex_lock+0x773/0xd40\n ? report_bug+0x1c7/0x1d0\n ? prb_read_valid+0x1b/0x30\n ? handle_bug+0x42/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __mutex_lock+0x773/0xd40\n ? rcu_is_watching+0x11/0x50\n ? __kmalloc_node_track_caller+0x346/0x490\n ? ice_dpll_lock_status_get+0x28/0x50 [ice]\n ? __pfx_ice_dpll_lock_status_get+0x10/0x10 [ice]\n ? ice_dpll_lock_status_get+0x28/0x50 [ice]\n ice_dpll_lock_status_get+0x28/0x50 [ice]\n dpll_device_get_one+0x14f/0x2e0\n dpll_device_event_send+0x7d/0x150\n dpll_device_register+0x124/0x180\n ice_dpll_init_dpll+0x7b/0xd0 [ice]\n ice_dpll_init+0x224/0xa40 [ice]\n ? _dev_info+0x70/0x90\n ice_load+0x468/0x690 [ice]\n ice_probe+0x75b/0xa10 [ice]\n ? _raw_spin_unlock_irqrestore+0x4f/0x80\n ? process_one_work+0x1a3/0x500\n local_pci_probe+0x47/0xa0\n work_for_cpu_fn+0x17/0x30\n process_one_work+0x20d/0x500\n worker_thread+0x1df/0x3e0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x103/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n irq event stamp: 125197\n hardirqs last enabled at (125197): [\u003cffffffff8416409d\u003e] finish_task_switch.isra.0+0x12d/0x3d0\n hardirqs last disabled at (125196): [\u003cffffffff85134044\u003e] __schedule+0xea4/0x19f0\n softirqs last enabled at (105334): [\u003cffffffff84e1e65a\u003e] napi_get_frags_check+0x1a/0x60\n softirqs last disabled at (105332): [\u003cffffffff84e1e65a\u003e] napi_get_frags_check+0x1a/0x60\n ---[ end trace 0000000000000000 ]---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: corrige el uso del mutex dplls no inicializado El mutex pf-\u0026gt;dplls.lock se inicializa demasiado tarde, despu\u00e9s de su primer uso. Mu\u00e9valo a la parte superior de ice_dpll_init. Tenga en cuenta que la ruta de error \"err_exit\" destruye el mutex. Y el mutex es lo \u00faltimo que se destruye en ice_dpll_deinit. Esto corrige la siguiente advertencia con CONFIG_DEBUG_MUTEXES: ice 0000:10:00.0: El paquete DDP se carg\u00f3 correctamente: Paquete predeterminado de ICE OS versi\u00f3n 1.3.36.0 ice 0000:10:00.0: Ancho de banda PCIe disponible de 252,048 Gb/s (PCIe de 16,0 GT/s enlace x16) ice 0000:10:00.0: inicio de PTP exitoso ------------[ cortar aqu\u00ed ]------------ DEBUG_LOCKS_WARN_ON(lock-\u0026gt;magic != lock ) Advertencia: CPU: 0 PID: 410 AT KERNEL/Locking/Mutex.C: 587 __mutex_lock+0x773/0xd40 M\u00f3dulos vinculados en: CRCT10DIF_PCLMUL CRC32_PCLMUL CRC32C_Tel Polyval_clmulni Polyval_Gener KWorker/ 0:4 No contaminado 6.8.0-rc5+ #3 Nombre del hardware: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 19/10/2023 Cola de trabajo: eventos work_for_cpu_fn RIP: 0010:__mutex_lock+0x773/0xd40 C\u00f3digo: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a\u0026gt; RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: X: 0000000000000000 RBX: 0000000000000002 RCX : 0000000000000000 RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffb fff R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8 FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) KNLGS: 00000000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000000080050033 CR2: 000055B5852CC000 00 DR3: 000000000000000000 DR6: 0000000000FFFE0FF0 DR7: 000000000000000400 PKRU: 555555554 Trace de llamadas: ? __advertir+0x84/0x170 ? __mutex_lock+0x773/0xd40? report_bug+0x1c7/0x1d0? prb_read_valid+0x1b/0x30? handle_bug+0x42/0x70? exc_invalid_op+0x18/0x70? asm_exc_invalid_op+0x1a/0x20? __mutex_lock+0x773/0xd40? rcu_is_watching+0x11/0x50? __kmalloc_node_track_caller+0x346/0x490 ? ice_dpll_lock_status_get+0x28/0x50 [hielo]? __pfx_ice_dpll_lock_status_get+0x10/0x10 [hielo]? ice_dpll_lock_status_get+0x28/0x50 [ice] ice_dpll_lock_status_get+0x28/0x50 [ice] dpll_device_get_one+0x14f/0x2e0 dpll_device_event_send+0x7d/0x150 dpll_device_register+0x124/0x180 init_dpll+0x7b/0xd0 [hielo] ice_dpll_init+0x224/0xa40 [hielo] ? _dev_info+0x70/0x90 ice_load+0x468/0x690 [hielo] ice_probe+0x75b/0xa10 [hielo] ? _raw_spin_unlock_irqrestore+0x4f/0x80 ? Process_one_work+0x1a3/0x500 local_pci_probe+0x47/0xa0 work_for_cpu_fn+0x17/0x30 Process_one_work+0x20d/0x500 trabajador_thread+0x1df/0x3e0 ? __pfx_worker_thread+0x10/0x10 kthread+0x103/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 sello de evento irq: 125197 hardirqs habilitado por \u00faltima vez en (125197): [] Finish_task_switch.isra.0+0x12d/0x3d0 hardirqs deshabilitado por \u00faltima vez en (1251 96): [ ] __schedule+0xea4/0x19f0 softirqs habilitado por \u00faltima vez en (105334): [] napi_get_frags_check+0x1a/0x60 softirqs deshabilitado por \u00faltima vez en (105332): [] x1a/0x60 ---[ fin traza 0000000000000000 ]---"
}
],
"id": "CVE-2024-26854",
"lastModified": "2026-06-17T07:18:30.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2024-26854",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:47:57.227709Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-04-17T11:15:08.637",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/9224fc86f1776193650a33a275cac628952f80a9"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/db29ceff3e25c48907016da456a7cbee6310fd83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/9224fc86f1776193650a33a275cac628952f80a9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/db29ceff3e25c48907016da456a7cbee6310fd83"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…