{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26627", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.135Z", "datePublished": "2024-03-06T06:45:34.339Z", "dateUpdated": "2024-11-05T09:12:50.090Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:12:50.090Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\n\nInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\n\nThis can be too heavy in case of recovery, such as:\n\n - N hardware queues\n\n - queue depth is M for each hardware queue\n\n - each scsi_host_busy() iterates over (N * M) tag/requests\n\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\n\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\n\nFix the issue by calling scsi_host_busy() outside the host lock. We don't\nneed the host lock for getting busy count because host the lock never\ncovers that.\n\n[mkp: Drop unnecessary 'busy' variables pointed out by Bart]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/scsi_error.c", "drivers/scsi/scsi_lib.c", "drivers/scsi/scsi_priv.h"], "versions": [{"version": "6eb045e092ef", "lessThan": "f5944853f7a9", "status": "affected", "versionType": "git"}, {"version": "6eb045e092ef", "lessThan": "d37c1c81419f", "status": "affected", "versionType": "git"}, {"version": "6eb045e092ef", "lessThan": "db6338f45971", "status": "affected", "versionType": "git"}, {"version": "6eb045e092ef", "lessThan": "65ead8468c21", "status": "affected", "versionType": "git"}, {"version": "6eb045e092ef", "lessThan": "07e3ca0f17f5", "status": "affected", "versionType": "git"}, {"version": "6eb045e092ef", "lessThan": "4373534a9850", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/scsi_error.c", "drivers/scsi/scsi_lib.c", "drivers/scsi/scsi_priv.h"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.77", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.16", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.4", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c"}, {"url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059"}, {"url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c"}, {"url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1"}, {"url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"}, {"url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0"}], "title": "scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T15:54:15.450474Z", "id": "CVE-2024-26627", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T15:10:07.435Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.707Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.707Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-26627", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T15:54:15.450474Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T15:54:31.370Z"}}], "cna": {"title": "scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6eb045e092ef", "lessThan": "f5944853f7a9", "versionType": "git"}, {"status": "affected", "version": "6eb045e092ef", "lessThan": "d37c1c81419f", "versionType": "git"}, {"status": "affected", "version": "6eb045e092ef", "lessThan": "db6338f45971", "versionType": "git"}, {"status": "affected", "version": "6eb045e092ef", "lessThan": "65ead8468c21", "versionType": "git"}, {"status": "affected", "version": "6eb045e092ef", "lessThan": "07e3ca0f17f5", "versionType": "git"}, {"status": "affected", "version": "6eb045e092ef", "lessThan": "4373534a9850", "versionType": "git"}], "programFiles": ["drivers/scsi/scsi_error.c", "drivers/scsi/scsi_lib.c", "drivers/scsi/scsi_priv.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.210", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.77", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.16", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.4", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/scsi/scsi_error.c", "drivers/scsi/scsi_lib.c", "drivers/scsi/scsi_priv.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c"}, {"url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059"}, {"url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c"}, {"url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1"}, {"url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"}, {"url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\n\nInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\n\nThis can be too heavy in case of recovery, such as:\n\n - N hardware queues\n\n - queue depth is M for each hardware queue\n\n - each scsi_host_busy() iterates over (N * M) tag/requests\n\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\n\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\n\nFix the issue by calling scsi_host_busy() outside the host lock. We don't\nneed the host lock for getting busy count because host the lock never\ncovers that.\n\n[mkp: Drop unnecessary 'busy' variables pointed out by Bart]"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:12:50.090Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26627", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:12:50.090Z", "dateReserved": "2024-02-19T14:20:24.135Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-06T06:45:34.339Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\n\nInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\n\nThis can be too heavy in case of recovery, such as:\n\n - N hardware queues\n\n - queue depth is M for each hardware queue\n\n - each scsi_host_busy() iterates over (N * M) tag/requests\n\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\n\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\n\nFix the issue by calling scsi_host_busy() outside the host lock. We don't\nneed the host lock for getting busy count because host the lock never\ncovers that.\n\n[mkp: Drop unnecessary 'busy' variables pointed out by Bart]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: Saque scsi_host_busy() del bloqueo del host para activar el controlador EH Dentro de scsi_eh_wakeup(), se llama a scsi_host_busy() y se verifica con el bloqueo del host cada vez para decidir si se produce un error. Es necesario activar el controlador kthread. Esto puede ser demasiado pesado en caso de recuperaci\u00f3n, como por ejemplo: - N colas de hardware - la profundidad de la cola es M para cada cola de hardware - cada scsi_host_busy() itera sobre (N * M) etiquetas/solicitudes Si la recuperaci\u00f3n se activa en caso de que todas las solicitudes est\u00e1n en curso, cada scsi_eh_wakeup() est\u00e1 estrictamente serializado, cuando se llama a scsi_eh_wakeup() para la \u00faltima solicitud en curso, scsi_host_busy() se ha ejecutado (N * M - 1) veces y la solicitud se ha iterado durante ( N*M - 1) * (N * M) veces. Si tanto N como M son lo suficientemente grandes, se puede activar un bloqueo duro al adquirir el bloqueo del host, y se observa en mpi3mr (128 colas hw, profundidad de cola 8169). Solucione el problema llamando a scsi_host_busy() fuera del bloqueo del host. No necesitamos el bloqueo del host para obtener el recuento de ocupaci\u00f3n porque el bloqueo del host nunca cubre eso. [mkp: elimine las variables 'ocupadas' innecesarias se\u00f1aladas por Bart]"}], "id": "CVE-2024-26627", "lastModified": "2024-11-05T10:15:34.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-06T07:15:12.973", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler", "id": "2268214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268214"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-413", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: core: Move scsi_host_busy() out of host lock for waking up EH handler\nInside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host\nlock every time for deciding if error handler kthread needs to be waken up.\nThis can be too heavy in case of recovery, such as:\n- N hardware queues\n- queue depth is M for each hardware queue\n- each scsi_host_busy() iterates over (N * M) tag/requests\nIf recovery is triggered in case that all requests are in-flight, each\nscsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called\nfor the last in-flight request, scsi_host_busy() has been run for (N * M -\n1) times, and request has been iterated for (N*M - 1) * (N * M) times.\nIf both N and M are big enough, hard lockup can be triggered on acquiring\nhost lock, and it is observed on mpi3mr(128 hw queues, queue depth 8169).\nFix the issue by calling scsi_host_busy() outside the host lock. We don't\nneed the host lock for getting busy count because host the lock never\ncovers that.\n[mkp: Drop unnecessary 'busy' variables pointed out by Bart]"], "name": "CVE-2024-26627", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26627\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26627\nhttps://lore.kernel.org/linux-cve-announce/2024030648-CVE-2024-26627-e3a2@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.210, kernel 5.15.149, kernel 6.1.77, kernel 6.6.16, kernel 6.7.4, kernel 6.8-rc3"}