CVE-2024-45007

medium

Description

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending work item. Other work items continue to be queued on per-device workqueues to ensure performance.

References

https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131

https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157

https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157

https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3

https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9

Details

Source: Mitre, NVD

Published: 2024-09-04

Updated: 2024-09-05

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium