CVE-2024-40967

MEDIUM

Linux Kernel - Denial of Service via Serial Transmitter Deadlock

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.

References (6)

Core 6

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Patch

https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7

Patch

https://git.kernel.org/stable/c/7f9e70c68b7ace0141fe3bc94bf7b61296b71916

Patch

https://git.kernel.org/stable/c/982ae3376c4c91590d38dc8a676c10f7df048a44

Patch

https://git.kernel.org/stable/c/53b2c95547427c358f45515a9f144efee95e3701

Patch

https://git.kernel.org/stable/c/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 12.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (23)

linux/Kernel 3.6.0 - 5.15.162linux

linux/Kernel 5.16.0 - 6.1.96linux

linux/Kernel 6.2.0 - 6.6.36linux

linux/Kernel 6.7.0 - 6.9.7linux

Linux/Linux < 3.6

Linux/Linux 3.2.30 - 3.3

Linux/Linux 3.4.12 - 3.5

Linux/Linux 3.5.5 - 3.6

Linux/Linux 3.6

Linux/Linux 34d4dda865d8174f4a437f313c457c42a8fa9535

... and 13 more

Published Jul 12, 2024

Tracked Since Feb 18, 2026