CVE-2024-40966
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/07/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
tty: add the option to have a tty reject a new ldisc<br />
<br />
... and use it to limit the virtual terminals to just N_TTY. They are<br />
kind of special, and in particular, the "con_write()" routine violates<br />
the "writes cannot sleep" rule that some ldiscs rely on.<br />
<br />
This avoids the<br />
<br />
BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659<br />
<br />
when N_GSM has been attached to a virtual console, and gsmld_write()<br />
calls con_write() while holding a spinlock, and con_write() then tries<br />
to get the console lock.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.96 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.36 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.7 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/287b569a5b914903ba7c438a3c0dbc3410ebb409
- https://git.kernel.org/stable/c/3c6332f3bb1578b5b10ac2561247b1d6272ae937
- https://git.kernel.org/stable/c/5920ac19964f9e20181f63b410d9200ddbf8dc86
- https://git.kernel.org/stable/c/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b
- https://git.kernel.org/stable/c/287b569a5b914903ba7c438a3c0dbc3410ebb409
- https://git.kernel.org/stable/c/3c6332f3bb1578b5b10ac2561247b1d6272ae937
- https://git.kernel.org/stable/c/5920ac19964f9e20181f63b410d9200ddbf8dc86
- https://git.kernel.org/stable/c/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html