Возможность эксплуатации
DOS
5.5 Medium
CVSS3
Связанные уязвимости
[REJECTED CVE] A vulnerability in the Linux kernel's driver core related to uevent_show() and driver detach has been identified. The issue involved a race condition where uevent_show() attempted to dereference dev->driver->name, leading to a potential deadlock due to improper locking. While this could cause system instability, an attacker would need the ability to manipulate device attributes and timing precisely, making exploitation impractical.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix uevent_show() vs driver detach race uevent_show() wants to de-reference dev->driver->name. There is no clean way for a device attribute to de-reference dev->driver unless that attribute is defined via (struct device_driver).dev_groups. Instead, the anti-pattern of taking the device_lock() in the attribute handler risks deadlocks with code paths that remove device attributes while holding the lock. This deadlock is typically invisible to lockdep given the device_lock() is marked lockdep_set_novalidate_class(), but some subsystems allocate a local lockdep key for @dev->mutex to reveal reports of the form: ====================================================== WARNING: possible circular locking dependency detected 6.10.0-rc7+ #275 Tainted: G OE N ------------------------------------------------------ modprobe/2374 is trying to acquire lock: ffff8c2270070de0 (kn->active#6){++++}-{...
ELSA-2024-12682: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2024-12779: Unbreakable Enterprise kernel security update (IMPORTANT)
5.5 Medium
CVSS3