CVE-2024-42090

CVE Details

Release Date:

2024-07-29

Description

In the Linux kernel, the following vulnerability has been resolved:\npinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER\nIn create_pinctrl(), pinctrl_maps_mutex is acquired before calling\nadd_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl()\ncalls pinctrl_free(). However, pinctrl_free() attempts to acquire\npinctrl_maps_mutex, which is already held by create_pinctrl(), leading to\na potential deadlock.\nThis patch resolves the issue by releasing pinctrl_maps_mutex before\ncalling pinctrl_free(), preventing the deadlock.\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.

See more information about CVE-2024-42090 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.7	CVSS Vector:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	High
Privileges Required:	Low	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12610	2024-09-10
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12779	2024-10-11
Oracle Linux version 7 (kernel-uek-container)	ELSA-2024-12612	2024-09-11
Oracle Linux version 8 (kernel)	ELSA-2024-7000	2024-09-24
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12610	2024-09-10
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12618	2024-09-12
Oracle Linux version 8 (kernel-uek-container)	ELSA-2024-12612	2024-09-11
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12618	2024-09-12