CVE-2024-35819

soc: fsl: qbman: Use raw spinlock for cgr_lock

Description

In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even on PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock for cgr_lock to ensure we aren't waiting on a sleeping task. Although this bug has existed for a while, it was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change") which invokes smp_call_function_single via qman_update_cgr_safe every time a link goes up or down.

N/A
CVSS
Severity:
EPSS 0.27%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02
https://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59
https://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1
https://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e
https://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14
https://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa
https://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df
https://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506
https://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Frequently Asked Questions

What is the severity of CVE-2024-35819?
CVE-2024-35819 has not yet been assigned a CVSS score.
How to fix CVE-2024-35819?
To fix CVE-2024-35819, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35819 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35819 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35819?
CVE-2024-35819 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.