CVE-2024-38591: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-38591 is a vulnerability discovered in the Linux kernel affecting the RDMA/hns (Remote Direct Memory Access/HiSilicon) driver component. The vulnerability was disclosed on June 19, 2024, and involves a potential deadlock condition in SRQ (Shared Receive Queue) async events handling. The issue affects Linux kernel versions from 5.0 up to versions before 5.15.161, 6.1.93, 6.6.33, 6.8.12, and 6.9.3 (NVD).

The vulnerability stems from improper locking mechanisms in the RDMA/hns driver's SRQ async events handling. Specifically, the xalock for the SRQ table may be required in AEQ (Asynchronous Event Queue), but the original implementation used standard xastore and xaerase operations which could lead to deadlock conditions. The issue was introduced in commit 81fce6291d99 ("RDMA/hns: Add SRQ asynchronous event support"). The fix involves replacing xastore/xaerase with xastoreirq/xaerase_irq to prevent deadlock scenarios (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in a deadlock condition in the Linux kernel's RDMA subsystem, specifically affecting HiSilicon's RDMA driver. This could lead to a denial of service condition, potentially affecting system availability for systems using the affected RDMA/hns driver component (NVD).

The vulnerability has been fixed in multiple Linux kernel versions. Ubuntu has released patches for various affected versions including 24.04 LTS (6.8.0-40.40), 22.04 LTS (5.15.0-121.131), and others (Ubuntu). Users are advised to update their Linux kernel to the patched versions: 5.15.161 or later for the 5.15 branch, 6.1.93 or later for the 6.1 branch, 6.6.33 or later for the 6.6 branch, 6.8.12 or later for the 6.8 branch, and 6.9.3 or later for the 6.9 branch (NVD).