CVE-2024-53093: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53093 affects the Linux kernel's NVMe multipath functionality. The vulnerability was discovered in November 2024 and involves a potential deadlock condition in the partition scanning process within the controller's scan_work context (NVD). The issue affects multiple versions of the Linux kernel up to versions 6.1.118, 6.6.62, and 6.11.9 (NVD).

The vulnerability occurs in the NVMe multipath driver where partition scanning takes place within the controller's scan_work context. If a path error occurs during this process, the I/O will wait until a path becomes available or all paths are torn down. However, since this action also occurs within scan_work, it creates a deadlock condition. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a deadlock condition in the Linux kernel's NVMe multipath functionality, potentially causing system unavailability or denial of service when handling NVMe storage devices with multiple paths (NVD).

The vulnerability has been fixed by deferring the partition scan to a different context that does not block scan_work. The fix involves suppressing the partition scan from occurring within the controller's scan_work context and implementing a new partition_scan_work function to handle the scanning in a separate context (Kernel Patch).