CVE-2024-50025: scsi: fnic: Move flush_work initialization out of if block
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Move flush_work initialization out of if block After commit 379a58caa199 ("scsi: fnic: Move fnic_fnic_flush_tx() to a work queue"), it can happen that a work item is sent to an uninitialized work queue. This may has the effect that the item being queued is never actually queued, and any further actions depending on it will not proceed. The following warning is observed while the fnic driver is loaded: kernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410 kernel: <IRQ> kernel: queue_work_on+0x3a/0x50 kernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24] kernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24] kernel: __handle_irq_event_percpu+0x36/0x1a0 kernel: handle_irq_event_percpu+0x30/0x70 kernel: handle_irq_event+0x34/0x60 kernel: handle_edge_irq+0x7e/0x1a0 kernel: __common_interrupt+0x3b/0xb0 kernel: common_interrupt+0x58/0xa0 kernel: </IRQ> It has been observed that this may break the rediscovery of Fibre Channel devices after a temporary fabric failure. This patch fixes it by moving the work queue initialization out of an if block in fnic_probe().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | >=6.8<6.11.4 | |
| Linux kernel | =6.12-rc1 | |
| Linux kernel | =6.12-rc2 | |
| Linux Kernel | >=6.8<6.11.4 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/6b7836b80061bf1accc5d78b12bc086aed252388
- https://git.kernel.org/stable/c/f30e5f77d2f205ac14d09dec40fd4bb76712f13d
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50025
- https://nvd.nist.gov/vuln/detail/CVE-2024-50025
- https://launchpad.net/bugs/cve/CVE-2024-50025
- https://security-tracker.debian.org/tracker/CVE-2024-50025
- https://ubuntu.com/security/CVE-2024-50025
- https://git.kernel.org/linus/f30e5f77d2f205ac14d09dec40fd4bb76712f13d
Frequently Asked Questions
What is the severity of CVE-2024-50025?
CVE-2024-50025 is considered a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2024-50025?
To address CVE-2024-50025, update the Linux kernel to a fixed version such as 6.12.12-1 or later.
Which versions of the Linux kernel are affected by CVE-2024-50025?
CVE-2024-50025 affects Linux kernel versions from 6.8 to 6.11.4, as well as 6.12-rc1 and 6.12-rc2.
What does CVE-2024-50025 impact in the Linux kernel?
CVE-2024-50025 impacts the SCSI fnic driver related to uninitialized work queues.
Is there a patch available for CVE-2024-50025?
Yes, patches for CVE-2024-50025 are included in the recent updates to the Linux kernel as of versions 5.10.223-1 and later.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/tags
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.8
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- package-manager/debian