CVE-2024-46692

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark get_wq_ctx() as atomic call Currently get_wq_ctx() is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to resume the corresponding sleeping thread. But if get_wq_ctx() is interrupted, goes to sleep and another SMC call is waiting to be allocated a waitq context, it leads to a deadlock. To avoid this get_wq_ctx() must be an atomic call and can't be a standard SMC call. Hence mark get_wq_ctx() as a fast call.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0	Patch
https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06	Patch
https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc5::::::

History

No history.

Information

Published : 2024-09-13 06:15

Updated : 2024-09-13 16:52

NVD link : CVE-2024-46692

Mitre link : CVE-2024-46692

CVE.ORG link : CVE-2024-46692

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2024-46692", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-13T06:15:14.047", "references": [{"url": "https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: Mark get_wq_ctx() as atomic call\n\nCurrently get_wq_ctx() is wrongly configured as a standard call. When two\nSMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to\nresume the corresponding sleeping thread. But if get_wq_ctx() is\ninterrupted, goes to sleep and another SMC call is waiting to be allocated\na waitq context, it leads to a deadlock.\n\nTo avoid this get_wq_ctx() must be an atomic call and can't be a standard\nSMC call. Hence mark get_wq_ctx() as a fast call."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: qcom: scm: Marcar get_wq_ctx() como llamada at\u00f3mica Actualmente get_wq_ctx() est\u00e1 configurado incorrectamente como una llamada est\u00e1ndar. Cuando dos llamadas SMC est\u00e1n en suspensi\u00f3n y una SMC se despierta, llama a get_wq_ctx() para reanudar el hilo dormido correspondiente. Pero si get_wq_ctx() se interrumpe, se pone en suspensi\u00f3n y otra llamada SMC est\u00e1 esperando a que se le asigne un contexto waitq, conduce a un bloqueo. Para evitar esto, get_wq_ctx() debe ser una llamada at\u00f3mica y no puede ser una llamada SMC est\u00e1ndar. Por lo tanto, marque get_wq_ctx() como una llamada r\u00e1pida."}], "lastModified": "2024-09-13T16:52:31.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "317A2689-BFEC-4C68-A8FF-A961C72445FA", "versionEndExcluding": "6.6.49", "versionStartIncluding": "6.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B5D46C3-56A4-4380-9309-27BF73DF29A7", "versionEndExcluding": "6.10.8", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}