CVE-2024-35819

Updated:

Description:

In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even on PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock for cgr_lock to ensure we aren't waiting on a sleeping task. Although this bug has existed for a while, it was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change") which invokes smp_call_function_single via qman_update_cgr_safe every time a link goes up or down.

CVSS3: 5.5


Vendor State

OS Vendor version Errata
Debian 10 4.19.316-1 DLA-3840-1
Debian 10 cloud 4.19.316-1 DLA-3840-1
Ubuntu 20.04 5.4.0-189.209 USN-6896-1
Ubuntu 20.04 AWS 5.4.0-1128.138 USN-6896-5
Ubuntu 20.04 Azure 5.4.0-1133.140 USN-6896-1
Ubuntu 22.04 5.15.0-116.126 USN-6898-1
Ubuntu 22.04 AWS 5.15.0-1065.71 USN-6898-3
Ubuntu 22.04 Azure 5.15.0-1068.77 USN-6917-1
Ubuntu 20.04 HWE Azure 5.15.0-1068.77~20.04.1 USN-6917-1
Ubuntu 20.04 GCP 5.4.0-1132.141 USN-6896-1
Ubuntu 24.04 6.8.0-35.35 USN-6816-1

KernelCare State

OS Original kernel version State
Debian 10
Planned
Debian 10 cloud
Planned
Ubuntu 20.04
In Progress
Ubuntu 20.04 AWS
Planned
Ubuntu 20.04 Azure
In Progress
Ubuntu 22.04
Ready For Release
Ubuntu 22.04 AWS
Planned
Ubuntu 22.04 Azure
Planned
Ubuntu 20.04 HWE Azure
Planned
Ubuntu 20.04 GCP
In Progress
Ubuntu 24.04
Ready For Release