CVE-2024-26769: nvmet-fc: avoid deadlock on delete association path

Description

In the Linux kernel, the following vulnerability has been resolved:

nvmet-fc: avoid deadlock on delete association path

When deleting an association the shutdown path is deadlocking because we
try to flush the nvmet_wq nested. Avoid this by deadlock by deferring
the put work into its own work item.

Classification

CVE ID: CVE-2024-26769

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/5e0bc09a52b6169ce90f7ac6e195791adb16cec4
https://git.kernel.org/stable/c/9e6987f8937a7bd7516aa52f25cb7e12c0c92ee8
https://git.kernel.org/stable/c/eaf0971fdabf2a93c1429dc6bedf3bbe85dffa30
https://git.kernel.org/stable/c/1d86f79287206deec36d63b89c741cf542b6cadd
https://git.kernel.org/stable/c/710c69dbaccdac312e32931abcb8499c1525d397

Timeline

2024-12-20 00:34:00 UTC
CVE

nvmet-fc: avoid deadlock on delete association path