CVE-2024-46829
Published: September 28, 2024Last modified: September 28, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ]
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.110-r0) |
| Stream | linux-lts | Fixed (6.6.58-r0) |
References
- https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0
- https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38
- https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f
- https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f
- https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83
- https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0
- https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b
- https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28