CVE-2024-39282

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: wwan: t7xx: Fix FSM command timeout issue<br /> <br /> When driver processes the internal state change command, it use an<br /> asynchronous thread to process the command operation. If the main<br /> thread detects that the task has timed out, the asynchronous thread<br /> will panic when executing the completion notification because the<br /> main thread completion object has been released.<br /> <br /> BUG: unable to handle page fault for address: fffffffffffffff8<br /> PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0<br /> Oops: 0000 [#1] PREEMPT SMP NOPTI<br /> RIP: 0010:complete_all+0x3e/0xa0<br /> [...]<br /> Call Trace:<br /> <br /> ? __die_body+0x68/0xb0<br /> ? page_fault_oops+0x379/0x3e0<br /> ? exc_page_fault+0x69/0xa0<br /> ? asm_exc_page_fault+0x22/0x30<br /> ? complete_all+0x3e/0xa0<br /> fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)]<br /> ? __pfx_autoremove_wake_function+0x10/0x10<br /> kthread+0xd8/0x110<br /> ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)]<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x38/0x50<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1b/0x30<br /> <br /> [...]<br /> CR2: fffffffffffffff8<br /> ---[ end trace 0000000000000000 ]---<br /> <br /> Use the reference counter to ensure safe release as Sergey suggests:<br /> https://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/