CVE-2024-45007 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending work item. Other work items continue to be queued on per-device workqueues to ensure performance.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9
https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3
https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157
https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157
https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131
https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-45007
https://www.cve.org/CVERecord?id=CVE-2024-45007

History

Thu, 05 Sep 2024 01:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024090452-CVE-2024-45007-74c8@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-45007 https://www.cve.org/CVERecord?id=CVE-2024-45007
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 04 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Sep 2024 20:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending work item. Other work items continue to be queued on per-device workqueues to ensure performance.
Title		char: xillybus: Don't destroy workqueue from work item running on it
References		https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9 https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3 https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157 https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157 https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-04T19:54:49.037Z

Updated: 2025-05-15T12:13:59.999Z

Reserved: 2024-08-21T05:34:56.679Z

Link: CVE-2024-45007

Vulnrichment

Updated: 2024-09-04T20:18:05.924Z

NVD

Status : Awaiting Analysis

Published: 2024-09-04T20:15:09.053

Modified: 2024-09-05T12:53:21.110

Link: CVE-2024-45007

Redhat

Severity : Moderate

Publid Date: 2024-09-04T00:00:00Z

Links: CVE-2024-45007 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object