{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41082", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.633Z", "datePublished": "2024-07-29T15:04:19.372Z", "dateUpdated": "2024-11-05T09:36:21.749Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:36:21.749Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/fabrics.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "165da9c67a26", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7dc3bfcb4c9c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/fabrics.c"], "versions": [{"version": "6.9.11", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb"}, {"url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa"}], "title": "nvme-fabrics: use reserved tag for reg read/write command", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.643Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:21:02.205379Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:09.536Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.643Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:21:02.205379Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.822Z"}}], "cna": {"title": "nvme-fabrics: use reserved tag for reg read/write command", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "165da9c67a26", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7dc3bfcb4c9c", "versionType": "git"}], "programFiles": ["drivers/nvme/host/fabrics.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.9.11", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/nvme/host/fabrics.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb"}, {"url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T15:04:19.372Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41082", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:09.536Z", "dateReserved": "2024-07-12T12:17:45.633Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T15:04:19.372Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-fabrics: use etiqueta reservada para el comando de lectura/escritura de registro. En algunos escenarios, si el comando nvme emite demasiados comandos al mismo tiempo por las tareas del usuario, esto puede agotar todos etiquetas de admin_q. Si se produce un reinicio (reinicio de nvme o tiempo de espera de IO) antes de que finalicen estos comandos, es posible que la rutina de reconexi\u00f3n no actualice los registros de nvme debido a etiquetas insuficientes, lo que provocar\u00e1 que el kernel se cuelgue para siempre. Para solucionar este problema, tal vez podamos permitir que reg_read32()/reg_read64()/reg_write32() use etiquetas reservadas. Esto puede ser seguro para nvmf: 1. Para la ruta de activaci\u00f3n ctrl/deshabilitar, no emitiremos el comando connect. 2. Para la ruta de activaci\u00f3n ctrl/fw enable, ya que connect y reg_xx() se llaman en serie. Por lo tanto, las etiquetas reservadas pueden ser suficientes mientras reg_xx() usa etiquetas reservadas."}], "id": "CVE-2024-41082", "lastModified": "2024-07-29T16:21:52.517", "metrics": {}, "published": "2024-07-29T15:15:15.670", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: nvme-fabrics: use reserved tag for reg read/write command", "id": "2300459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300459"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnvme-fabrics: use reserved tag for reg read/write command\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n1. For the disable ctrl path, we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\nare called serially.\nSo the reserved tags may still be enough while reg_xx() use reserved tags."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41082", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41082\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41082\nhttps://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41082-6e0a@gregkh/T"], "statement": "Following issue marked as moderate with \"not affected or will not fix\" for Red Hat Enterprise Linux, as it is not vulnerable to this CVE. This is because the CVE does not impact the versions or configurations of the Linux kernel used in Red Hat's distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.9.11, kernel 6.10"}