CVE-2024-56699

{"id": "CVE-2024-56699", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-12-28T10:15:17.060", "references": [{"url": "https://git.kernel.org/stable/c/371bd905599d18da62d75e3974acbf6a41e315c7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c1489651071ab1be46d2af1da8adb15c9fc3c069", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c4a585e952ca403a370586d3f16e8331a7564901", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix potential double remove of hotplug slot\n\nIn commit 6ee600bfbe0f (\"s390/pci: remove hotplug slot when releasing the\ndevice\") the zpci_exit_slot() was moved from zpci_device_reserved() to\nzpci_release_device() with the intention of keeping the hotplug slot\naround until the device is actually removed.\n\nNow zpci_release_device() is only called once all references are\ndropped. Since the zPCI subsystem only drops its reference once the\ndevice is in the reserved state it follows that zpci_release_device()\nmust only deal with devices in the reserved state. Despite that it\ncontains code to tear down from both configured and standby state. For\nthe standby case this already includes the removal of the hotplug slot\nso would cause a double removal if a device was ever removed in\neither configured or standby state.\n\nInstead of causing a potential double removal in a case that should\nnever happen explicitly WARN_ON() if a device in non-reserved state is\nreleased and get rid of the dead code cases."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/pci: Arreglar posible doble eliminaci\u00f3n de ranura hotplug En el commit 6ee600bfbe0f (\"s390/pci: eliminar ranura hotplug al liberar el dispositivo\"), zpci_exit_slot() se movi\u00f3 de zpci_device_reserved() a zpci_release_device() con la intenci\u00f3n de mantener la ranura hotplug hasta que el dispositivo sea realmente eliminado. Ahora, zpci_release_device() solo se llama una vez que se eliminan todas las referencias. Dado que el subsistema zPCI solo elimina su referencia una vez que el dispositivo est\u00e1 en el estado reservado, se deduce que zpci_release_device() solo debe tratar con dispositivos en el estado reservado. A pesar de eso, contiene c\u00f3digo para desmantelar tanto el estado configurado como el de espera. Para el caso de espera, esto ya incluye la eliminaci\u00f3n de la ranura hotplug, por lo que causar\u00eda una doble eliminaci\u00f3n si un dispositivo alguna vez se eliminara en estado configurado o de espera. En lugar de provocar una posible doble eliminaci\u00f3n en un caso que nunca deber\u00eda ocurrir, use WARN_ON() expl\u00edcitamente si se libera un dispositivo en estado no reservado y elimine los casos de c\u00f3digo inactivo."}], "lastModified": "2025-09-26T20:21:50.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA52CE66-8AE3-4BFA-82D0-77FBA8B09503", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}