CVE-2024-39507

net: hns3: fix kernel crash problem in concurrent scenario

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time, the roce driver may uninit, then cause kernel crash. To fix the problem, when link status change, need to check whether the roce registered, and when uninit, need to wait link update finish.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/62b5dfb67bfa8bd0301bf3442004563495f9ee48 patch
https://git.kernel.org/stable/c/6d0007f7b69d684879a0f598a042e40244d3cf63 patch
https://git.kernel.org/stable/c/689de7c3bfc7d47e0eacc641c4ce4a0f579aeefa patch
https://git.kernel.org/stable/c/b2c5024b771cd1dd8175d5f6949accfadbab7edd patch
https://git.kernel.org/stable/c/12cda920212a49fa22d9e8b9492ac4ea013310a4 patch

Frequently Asked Questions

What is the severity of CVE-2024-39507?
CVE-2024-39507 has been scored as a medium severity vulnerability.
How to fix CVE-2024-39507?
To fix CVE-2024-39507, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-39507 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-39507 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-39507?
CVE-2024-39507 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.