{"id":"CVE-2024-38556","summary":"net/mlx5: Add a timeout to acquire the command queue semaphore","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Add a timeout to acquire the command queue semaphore\n\nPrevent forced completion handling on an entry that has not yet been\nassigned an index, causing an out of bounds access on idx = -22.\nInstead of waiting indefinitely for the sem, blocking flow now waits for\nindex to be allocated or a sem acquisition timeout before beginning the\ntimer for FW completion.\n\nKernel log example:\nmlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion","modified":"2026-04-16T00:07:22.435746212Z","published":"2024-06-19T13:35:26.753Z","related":["ALSA-2024:8162","SUSE-SU-2024:2372-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2571-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38556.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918"},{"type":"WEB","url":"https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38556.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38556"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8e715cd613a1e872b9d918e912d90b399785761a"},{"fixed":"4baae687a20ef2b82fde12de3c04461e6f2521d6"},{"fixed":"f9caccdd42e999b74303c9b0643300073ed5d319"},{"fixed":"2d0962d05c93de391ce85f6e764df895f47c8918"},{"fixed":"94024332a129c6e4275569d85c0c1bfb2ae2d71b"},{"fixed":"485d65e1357123a697c591a5aeb773994b247ad7"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"74dd45122b84479eee50bd0956ae8bc5799c9f8a"},{"last_affected":"e801f81cee3c8901f52ee48c6329802b28fbb49c"},{"last_affected":"d73d81447c6651904dd4a9e3fd88651ff174c1b7"},{"last_affected":"4646175c19fd019b773444a11ff62748eb83745b"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38556.json"}}],"schema_version":"1.7.5"}