{"id":"AZL-54978","summary":"CVE-2024-26775 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\naoe: avoid potential deadlock at set_capacity\n\nMove set_capacity() outside of the section procected by (&d-\u003elock).\nTo avoid possible interrupt unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n[1] lock(&bdev-\u003ebd_size_lock);\n                                local_irq_disable();\n                            [2] lock(&d-\u003elock);\n                            [3] lock(&bdev-\u003ebd_size_lock);\n   \u003cInterrupt\u003e\n[4]  lock(&d-\u003elock);\n\n  *** DEADLOCK ***\n\nWhere [1](&bdev-\u003ebd_size_lock) hold by zram_add()-\u003eset_capacity().\n[2]lock(&d-\u003elock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc()\nis trying to acquire [3](&bdev-\u003ebd_size_lock) at set_capacity() call.\nIn this situation an attempt to acquire [4]lock(&d-\u003elock) from\naoecmd_cfg_rsp() will lead to deadlock.\n\nSo the simplest solution is breaking lock dependency\n[2](&d-\u003elock) -\u003e [3](&bdev-\u003ebd_size_lock) by moving set_capacity()\noutside.","modified":"2026-04-01T05:18:27.050377Z","published":"2024-04-03T17:15:53Z","upstream":["CVE-2024-26775"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26775"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54978.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}