CVE-2024-53093 Affecting kernel-cross-headers package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELCROSSHEADERS-8405654
- published 26 Nov 2024
- disclosed 21 Nov 2024
How to fix?
There is no fixed version for RHEL:8 kernel-cross-headers.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-cross-headers package and not the kernel-cross-headers package as distributed by RHEL.
See How to fix? for RHEL:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
nvme-multipath: defer partition scanning
We need to suppress the partition scan from occuring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes available or all paths are torn down, but that action also occurs within scan_work, so it would deadlock. Defer the partion scan to a different context that does not block scan_work.
References
- https://access.redhat.com/security/cve/CVE-2024-53093
- https://git.kernel.org/stable/c/1f021341eef41e77a633186e9be5223de2ce5d48
- https://git.kernel.org/stable/c/4a57f42e5ed42cb8f1beb262c4f6d3e698939e4e
- https://git.kernel.org/stable/c/60de2e03f984cfbcdc12fa552f95087c35a05a98
- https://git.kernel.org/stable/c/a91b7eddf45afeeb9c5ece11dddff5de0921b00f