CVE-2024-46829

NameCVE-2024-46829
DescriptionIn the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ]
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3912-1, DSA-5782-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1vulnerable
bullseye (security)5.10.226-1fixed
bookworm6.1.106-3vulnerable
bookworm (security)6.1.112-1fixed
trixie6.10.11-1fixed
sid6.11.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebullseye5.10.226-1DLA-3912-1
linuxsourcebookworm6.1.112-1DSA-5782-1
linuxsource(unstable)6.10.11-1

Notes

https://git.kernel.org/linus/d33d26036a0274b472299d7dcdaa5fb34329f91b (6.11-rc7)

Search for package or bug name: Reporting problems