CVE-2024-38597

eth: sungem: remove .ndo_poll_controller to avoid deadlocks

Description

In the Linux kernel, the following vulnerability has been resolved: eth: sungem: remove .ndo_poll_controller to avoid deadlocks Erhard reports netpoll warnings from sungem: netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398) WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c gem_poll_controller() disables interrupts, which may sleep. We can't sleep in netpoll, it has interrupts disabled completely. Strangely, gem_poll_controller() doesn't even poll the completions, and instead acts as if an interrupt has fired so it just schedules NAPI and exits. None of this has been necessary for years, since netpoll invokes NAPI directly.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e22b23f5888a065d084e87db1eec639c445e677f patch
https://git.kernel.org/stable/c/fbeeb55dbb33d562149c57e794f06b7414e44289 patch
https://git.kernel.org/stable/c/476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6 patch
https://git.kernel.org/stable/c/5de5aeb98f9a000adb0db184e32765e4815d860b patch
https://git.kernel.org/stable/c/faf94f1eb8a34b2c31b2042051ef36f63420ecce patch
https://git.kernel.org/stable/c/6400d205fbbcbcf9b8510157e1f379c1d7e2e937 patch
https://git.kernel.org/stable/c/ac0a230f719b02432d8c7eba7615ebd691da86f4 patch

Frequently Asked Questions

What is the severity of CVE-2024-38597?
CVE-2024-38597 has been scored as a medium severity vulnerability.
How to fix CVE-2024-38597?
To fix CVE-2024-38597, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-38597 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-38597 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-38597?
CVE-2024-38597 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.