{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26698","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.157Z","datePublished":"2024-04-03T14:54:58.577Z","dateUpdated":"2026-05-11T20:02:28.322Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:02:28.322Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix race condition between netvsc_probe and netvsc_remove\n\nIn commit ac5047671758 (\"hv_netvsc: Disable NAPI before closing the\nVMBus channel\"), napi_disable was getting called for all channels,\nincluding all subchannels without confirming if they are enabled or not.\n\nThis caused hv_netvsc getting hung at napi_disable, when netvsc_probe()\nhas finished running but nvdev->subchan_work has not started yet.\nnetvsc_subchan_work() -> rndis_set_subchannel() has not created the\nsub-channels and because of that netvsc_sc_open() is not running.\nnetvsc_remove() calls cancel_work_sync(&nvdev->subchan_work), for which\nnetvsc_subchan_work did not run.\n\nnetif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI\ncannot be scheduled. Then netvsc_sc_open() -> napi_enable will clear the\nNAPIF_STATE_SCHED bit, so it can be scheduled. napi_disable() does the\nopposite.\n\nNow during netvsc_device_remove(), when napi_disable is called for those\nsubchannels, napi_disable gets stuck on infinite msleep.\n\nThis fix addresses this problem by ensuring that napi_disable() is not\ngetting called for non-enabled NAPI struct.\nBut netif_napi_del() is still necessary for these non-enabled NAPI struct\nfor cleanup purpose.\n\nCall trace:\n[  654.559417] task:modprobe        state:D stack:    0 pid: 2321 ppid:  1091 flags:0x00004002\n[  654.568030] Call Trace:\n[  654.571221]  <TASK>\n[  654.573790]  __schedule+0x2d6/0x960\n[  654.577733]  schedule+0x69/0xf0\n[  654.581214]  schedule_timeout+0x87/0x140\n[  654.585463]  ? __bpf_trace_tick_stop+0x20/0x20\n[  654.590291]  msleep+0x2d/0x40\n[  654.593625]  napi_disable+0x2b/0x80\n[  654.597437]  netvsc_device_remove+0x8a/0x1f0 [hv_netvsc]\n[  654.603935]  rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc]\n[  654.611101]  ? do_wait_intr+0xb0/0xb0\n[  654.615753]  netvsc_remove+0x7c/0x120 [hv_netvsc]\n[  654.621675]  vmbus_remove+0x27/0x40 [hv_vmbus]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/hyperv/netvsc.c"],"versions":[{"version":"ac5047671758ad4be9f93898247b3a8b6dfde4c7","lessThan":"9ec807e7b6f5fcf9499f3baa69f254bb239a847f","status":"affected","versionType":"git"},{"version":"ac5047671758ad4be9f93898247b3a8b6dfde4c7","lessThan":"7656372ae190e54e8c8cf1039725a5ea59fdf84a","status":"affected","versionType":"git"},{"version":"ac5047671758ad4be9f93898247b3a8b6dfde4c7","lessThan":"48a8ccccffbae10c91d31fc872db5c31aba07518","status":"affected","versionType":"git"},{"version":"ac5047671758ad4be9f93898247b3a8b6dfde4c7","lessThan":"22a77c0f5b8233237731df3288d067af51a2fd7b","status":"affected","versionType":"git"},{"version":"ac5047671758ad4be9f93898247b3a8b6dfde4c7","lessThan":"0e8875de9dad12805ff66e92cd5edea6a421f1cd","status":"affected","versionType":"git"},{"version":"ac5047671758ad4be9f93898247b3a8b6dfde4c7","lessThan":"e0526ec5360a48ad3ab2e26e802b0532302a7e11","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/hyperv/netvsc.c"],"versions":[{"version":"5.8","status":"affected"},{"version":"0","lessThan":"5.8","status":"unaffected","versionType":"semver"},{"version":"5.10.210","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.149","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.79","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.18","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.6","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.10.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.15.149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.1.79"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.6.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.7.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9ec807e7b6f5fcf9499f3baa69f254bb239a847f"},{"url":"https://git.kernel.org/stable/c/7656372ae190e54e8c8cf1039725a5ea59fdf84a"},{"url":"https://git.kernel.org/stable/c/48a8ccccffbae10c91d31fc872db5c31aba07518"},{"url":"https://git.kernel.org/stable/c/22a77c0f5b8233237731df3288d067af51a2fd7b"},{"url":"https://git.kernel.org/stable/c/0e8875de9dad12805ff66e92cd5edea6a421f1cd"},{"url":"https://git.kernel.org/stable/c/e0526ec5360a48ad3ab2e26e802b0532302a7e11"}],"title":"hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26698","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-04-03T18:03:45.740958Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:49:08.824Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:12.951Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/9ec807e7b6f5fcf9499f3baa69f254bb239a847f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7656372ae190e54e8c8cf1039725a5ea59fdf84a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/48a8ccccffbae10c91d31fc872db5c31aba07518","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/22a77c0f5b8233237731df3288d067af51a2fd7b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0e8875de9dad12805ff66e92cd5edea6a421f1cd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e0526ec5360a48ad3ab2e26e802b0532302a7e11","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]}]}]},"dataVersion":"5.2"}