CVE-2024-41036
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/07/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: ks8851: Fix deadlock with the SPI chip variant<br />
<br />
When SMP is enabled and spinlocks are actually functional then there is<br />
a deadlock with the &#39;statelock&#39; spinlock between ks8851_start_xmit_spi<br />
and ks8851_irq:<br />
<br />
watchdog: BUG: soft lockup - CPU#0 stuck for 27s!<br />
call trace:<br />
queued_spin_lock_slowpath+0x100/0x284<br />
do_raw_spin_lock+0x34/0x44<br />
ks8851_start_xmit_spi+0x30/0xb8<br />
ks8851_start_xmit+0x14/0x20<br />
netdev_start_xmit+0x40/0x6c<br />
dev_hard_start_xmit+0x6c/0xbc<br />
sch_direct_xmit+0xa4/0x22c<br />
__qdisc_run+0x138/0x3fc<br />
qdisc_run+0x24/0x3c<br />
net_tx_action+0xf8/0x130<br />
handle_softirqs+0x1ac/0x1f0<br />
__do_softirq+0x14/0x20<br />
____do_softirq+0x10/0x1c<br />
call_on_irq_stack+0x3c/0x58<br />
do_softirq_own_stack+0x1c/0x28<br />
__irq_exit_rcu+0x54/0x9c<br />
irq_exit_rcu+0x10/0x1c<br />
el1_interrupt+0x38/0x50<br />
el1h_64_irq_handler+0x18/0x24<br />
el1h_64_irq+0x64/0x68<br />
__netif_schedule+0x6c/0x80<br />
netif_tx_wake_queue+0x38/0x48<br />
ks8851_irq+0xb8/0x2c8<br />
irq_thread_fn+0x2c/0x74<br />
irq_thread+0x10c/0x1b0<br />
kthread+0xc8/0xd8<br />
ret_from_fork+0x10/0x20<br />
<br />
This issue has not been identified earlier because tests were done on<br />
a device with SMP disabled and so spinlocks were actually NOPs.<br />
<br />
Now use spin_(un)lock_bh for TX queue related locking to avoid execution<br />
of softirq work synchronously that would lead to a deadlock.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.70 (including) | 6.1.100 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.9 (including) | 6.6.41 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c
- https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0
- https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05
- https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4
- https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c
- https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0
- https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05
- https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html