CVE-2024-53169

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A kernel crash can occur while shutting down a fabric controller due to a race condition between the fabric controller admin queue destroy code path and the hw/hctx queue dispatcher called from the nvme keep-alive async request queuing operation. This issue is caused by changes implemented in a specific commit, which removed the keep-alive stop operation from the beginning of the controller shutdown code path and added it under a function that executes late in the shutdown code path. The nvme keep-alive operation can sneak in while shutting down the controller, leading to a crash. The nvme keep alive work function and blk mq sched dispatch requests function are involved in this issue. The admin->q usage counter variable is decremented, and if it becomes zero, the admin queue is deleted, causing the crash.

Recommendations To fix the observed crash, move the nvme stop keep alive function from nvme uninit ctrl to nvme remove admin tag set. This change ensures that the admin queue is not deleted until the keep-alive operation is finished or cancelled, containing the race condition and avoiding the crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.