CVE-2024-46829

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ]

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0	Patch
https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38	Patch
https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f	Patch
https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f	Patch
https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83	Patch
https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0	Patch
https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b	Patch
https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc6::::::

History

02 Oct 2024, 14:27

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc5:::::: cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0 -~~	() https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0 - Patch
References	~~() https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38 -~~	() https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38 - Patch
References	~~() https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f -~~	() https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f - Patch
References	~~() https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f -~~	() https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f - Patch
References	~~() https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83 -~~	() https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83 - Patch
References	~~() https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0 -~~	() https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0 - Patch
References	~~() https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b -~~	() https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b - Patch
References	~~() https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28 -~~	() https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-667
First Time		Linux linux Kernel Linux

30 Sep 2024, 12:45

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rtmutex: Se elimina rt_mutex::wait_lock antes de programar rt_mutex_handle_deadlock() se llama con rt_mutex::wait_lock retenido. En el caso bueno, regresa con el bloqueo retenido y en el caso de bloqueo, emite una advertencia y entra en un bucle de programación sin fin con el bloqueo retenido, lo que activa la advertencia 'programación en atómico'. Desbloquee rt_mutex::wait_lock en el caso de bloqueo antes de emitir la advertencia y entre en el bucle de programación para siempre. [ tglx: Se movió el desbloqueo antes de WARN(), se eliminó el comentario sin sentido, se modificó el registro de cambios, se agregó la etiqueta Fixes ]

27 Sep 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-27 13:15

Updated : 2024-10-02 14:27

NVD link : CVE-2024-46829

Mitre link : CVE-2024-46829

CVE.ORG link : CVE-2024-46829

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

5.5 /10