CVE-2024-46829

MEDIUM

Linux Kernel < 3.3 - Improper Locking

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ]

References (10)

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Patch] https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0

[Patch] https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38

[Patch] https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f

[Patch] https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f

[Patch] https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83

[Patch] https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0

[Patch] https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b

[Patch] https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 0.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (2)

linux/linux_kernel 6.11 rc1 (6 CPE variants)

linux/linux_kernel 3.2.61 - 3.3

Published Sep 27, 2024

Tracked Since Feb 18, 2026