CVE-2024-48876

MEDIUM

Linux Kernel < 6.12.5 - Improper Locking

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: stackdepot: fix stack_depot_save_flags() in NMI context Per documentation, stack_depot_save_flags() was meant to be usable from NMI context if STACK_DEPOT_FLAG_CAN_ALLOC is unset. However, it still would try to take the pool_lock in an attempt to save a stack trace in the current pool (if space is available). This could result in deadlock if an NMI is handled while pool_lock is already held. To avoid deadlock, only try to take the lock in NMI context and give up if unsuccessful. The documentation is fixed to clearly convey this.

References (2)

[Patch] https://git.kernel.org/stable/c/031e04bdc834cda3b054ef6b698503b2b97e8186

[Patch] https://git.kernel.org/stable/c/9bfeeeff2c92b9dd261198b601b45bde4c529841

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 0.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-667

Status published

Products (4)

linux/Kernel 6.8.0 - 6.12.5linux

linux/linux_kernel 6.8 (6 CPE variants)

linux/linux_kernel 6.13 rc1

linux/linux_kernel 6.8.1 - 6.12.5

Published Jan 11, 2025

Tracked Since Feb 18, 2026