CVE-2024-38557

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, specifically in the net/mlx5 module. The issue occurs when the lag disable/enable function is called, causing the bond IB device and its representors to be destroyed and then reloaded. If the slave IB representor load fails, the eswitch error flow unloads all representors, including ethernet representors, which can lead to a deadlock. The lag driver is not responsible for loading/unloading ethernet representors, and the flow described above can trigger a deadlock when the lag lock is required again. The vulnerability is resolved by loading and unloading only the IB representors of the slaves, preventing the deadlock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-833CWE-667

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-13979

ALT-PU-2024-14046

AZL-48307

BDU:2025-03046

CVE-2024-38557

ECHO-EA9F-9C92-F832

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-2076

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2024-38557

Weakness Enumeration

Related Identifiers

Affected Products

References · 2972