CVE-2024-56589 — Resource Injection in Linux

CWE-99 — Resource Injection56 documents7 sources

Severity

5.5MEDIUMNVD

OSV8.8OSV7.8

EPSS

0.0%

top 99.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedDec 27

Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched() for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211] [ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 214.575224][ C240] pc : fput_many+0…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDlinux/linux_kernel4.5 — 5.10.231+4

▶Debianlinux/linux_kernel< 5.10.234-1+3

▶Ubuntulinux/linux_kernel< 5.15.0-135.146+1

▶CVEListV5linux/linux47caad1577cd7a39e2048c5e4edbce4b863dc12b — 3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf+6

▶debiandebian/linux< linux 6.1.123-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-raspi vulnerabilities↗2025-05-26

▶

OSV

linux-raspi-realtime vulnerabilities↗2025-05-20

▶

OSV

linux-gcp-5.15 vulnerabilities↗2025-04-28

▶

OSV

linux-azure-nvidia vulnerabilities↗2025-04-28

▶

OSV

linux-intel-iotg-5.15 vulnerabilities↗2025-04-24

▶

📋Vendor Advisories

CISA ICS

Siemens Third-Party Components in SINEC OS↗2025-08-14

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2025-05-26

▶

Ubuntu

Linux kernel (Raspberry Pi Real-time) vulnerabilities↗2025-05-20

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2025-04-28

▶

Ubuntu

Linux kernel (Azure, N-Series) vulnerabilities↗2025-04-28

▶