CVE-2024-27435

nvme: fix reconnection fail due to reserved tag allocation

Description

In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found it may caused by a ABBA deadlock due to tag allocation. In my case, the tag was hold by a keep alive request waiting inside admin_q, as we quiesced admin_q while reset ctrl, so the request maked as idle and will not process before reset success. As fabric_q shares tagset with admin_q, while reconnect remote target, we need a tag for connect command, but the only one reserved tag was held by keep alive command which waiting inside admin_q. As a result, we failed to reconnect admin_q forever. In order to fix this issue, I think we should keep two reserved tags for admin queue.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/149afee5c7418ec5db9d7387b9c9a5c1eb7ea2a8
https://git.kernel.org/stable/c/ff2f90f88d78559802466ad1c84ac5bda4416b3a
https://git.kernel.org/stable/c/6851778504cdb49431809b4ba061903d5f592c96
https://git.kernel.org/stable/c/262da920896e2f2ab0e3947d9dbee0aa09045818
https://git.kernel.org/stable/c/de105068fead55ed5c07ade75e9c8e7f86a00d1d

Frequently Asked Questions

What is the severity of CVE-2024-27435?
CVE-2024-27435 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27435?
To fix CVE-2024-27435, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27435 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27435 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27435?
CVE-2024-27435 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.