{"id":"CVE-2024-38555","summary":"net/mlx5: Discard command completions in internal error","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n\u003cIRQ\u003e\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n\u003c/IRQ\u003e\n\u003cTASK\u003e\nasm_common_interrupt+0x22/0x40","modified":"2026-04-16T04:30:35.339472782Z","published":"2024-06-19T13:35:26.059Z","related":["SUSE-SU-2024:2372-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2571-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38555.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38555.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38555"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"27c79b3a9212cf4ba634c157e07d29548181a208"},{"fixed":"f6fbb8535e990f844371086ab2c1221f71f993d3"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"51d138c2610a236c1ed0059d034ee4c74f452b86"},{"fixed":"3cb92b0ad73d3f1734e812054e698d655e9581b0"},{"fixed":"bf8aaf0ae01c27ae3c06aa8610caf91e50393396"},{"fixed":"1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb"},{"fixed":"1d5dce5e92a70274de67a59e1e674c3267f94cd7"},{"fixed":"7ac4c69c34240c6de820492c0a28a0bd1494265a"},{"fixed":"db9b31aa9bc56ff0d15b78f7e827d61c4a096e40"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"2e5d24b3bf091802c5456dc8f8f6a6be4493c8ca"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38555.json"}}],"schema_version":"1.7.5"}