CVE-2024-27021 — Improper Locking in Linux
Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 98.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 1
Latest update: Jul 26
Description
In the Linux kernel, the following vulnerability has been resolved:
r8169: fix LED-related deadlock on module removal
Binding devm_led_classdev_register() to the netdev is problematic
because on module removal we get a RTNL-related deadlock. Fix this
by avoiding the device-managed LED functions.
Note: We can safely call led_classdev_unregister() for a LED even
if registering it failed, because led_classdev_unregister() detects
this and is a no-op in this case.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 3 packages
CVEListV5: linux/linux, 18764b883e157e28126b54e7d4ba9dd487d5bf54 — 53d986f39acd8ea11c9e460732bfa5add66360d9 (+2)
Also affects: Fedora 38, 39, 40
Patches
Vulnerability Details (3)
OSV
CVE-2024-27021: In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_regist… (2024-05-01)
GHSA
GHSA-684m-v6v9-3h53: In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_regi… (2024-05-01)