CVE-2024-46868

Published: Sep 27, 2024Modified: Oct 1, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock. That means that if we tried to set it later, then it would cause a deadlock. Drop the lock on the error path. That's what all the callers are expecting.

Affected (8)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.7 to 6.10.11
Linux Linux Kernel	Version 6.11 rc1
Linux Linux Kernel	Version 6.11 rc2
Linux Linux Kernel	Version 6.11 rc3
Linux Linux Kernel	Version 6.11 rc4
Linux Linux Kernel	Version 6.11 rc5
Linux Linux Kernel	Version 6.11 rc6
Linux Linux Kernel	Version 6.11 rc7

Related CWEs

CWE-667

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (2)

https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.