CVE-2024-27021

high

Description

In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on module removal we get a RTNL-related deadlock. Fix this by avoiding the device-managed LED functions. Note: We can safely call led_classdev_unregister() for a LED even if registering it failed, because led_classdev_unregister() detects this and is a no-op in this case.

References

https://git.kernel.org/stable/c/53d986f39acd8ea11c9e460732bfa5add66360d9

https://git.kernel.org/stable/c/19fa4f2a85d777a8052e869c1b892a2f7556569d

Details

Source: Mitre, NVD

Published: 2024-05-01

Updated: 2024-05-23

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High