CVE-2024-46829

Oct. 2, 2024, 2:27 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ]

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.11

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-667
Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.11 rc1 / / / / / /
o linux linux_kernel 6.11 rc2 / / / / / /
o linux linux_kernel 6.11 rc3 / / / / / /
o linux linux_kernel 6.11 rc4 / / / / / /
o linux linux_kernel 6.11 rc5 / / / / / /
o linux linux_kernel 6.11 rc6 / / / / / /

References

https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0
https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38
https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f
https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f
https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83
https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0
https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b
https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-667
2024-09-27
CVE-2024-46829

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Sept. 27, 2024, 1:15 p.m.
Last Modified: Oct. 2, 2024, 2:27 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.