CVE-2024-42090

MEDIUM

Linux Kernel - Deadlock in create_pinctrl() via pinctrl_maps_mutex

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock. This patch resolves the issue by releasing pinctrl_maps_mutex before calling pinctrl_free(), preventing the deadlock. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.

References (10)

Core 10
Core References

Scores

CVSS v3 5.5
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-667
Status published
Products (26)
linux/Kernel 3.10.0 - 4.19.317linux
linux/Kernel 4.20.0 - 5.4.279linux
linux/Kernel 5.11.0 - 5.15.162linux
linux/Kernel 5.16.0 - 6.1.97linux
linux/Kernel 5.5.0 - 5.10.221linux
linux/Kernel 6.2.0 - 6.6.37linux
linux/Kernel 6.7.0 - 6.9.8linux
Linux/Linux < 3.10
Linux/Linux 3.10
Linux/Linux 4.19.317 - 4.19.*
... and 16 more
Published Jul 29, 2024
Tracked Since Feb 18, 2026