CVE-2024-35998

smb3: fix lock ordering potential deadlock in cifs_sync_mid_result

Description

In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)")

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66 patch
https://git.kernel.org/stable/c/699f8958dece132709c0bff6a9700999a2a63b75 patch
https://git.kernel.org/stable/c/8248224ab5b8ca7559b671917c224296a4d671fc patch
https://git.kernel.org/stable/c/8861fd5180476f45f9e8853db154600469a0284f patch

Frequently Asked Questions

What is the severity of CVE-2024-35998?
CVE-2024-35998 has been scored as a medium severity vulnerability.
How to fix CVE-2024-35998?
To fix CVE-2024-35998, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35998 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35998 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35998?
CVE-2024-35998 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.