Lucene search

Redhat.comRH:CVE-2024-38780

HistoryJun 21, 2024 - 1:52 p.m.

CVE-2024-38780

2024-06-2113:52:46

redhat.com

access.redhat.com

linux kernel

cve-2024-38780

vulnerability

dma-buf/sw-sync

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don’t enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 (“dma-buf/sw-sync: Reduce irqsave/irqrestore from known context”) by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains inconsistent lock state warning. Use plain spin_{lock,unlock}() for sync_print_obj(), for sync_debugfs_show() is already using spin_{lock,unlock}_irq().

References

bugzilla.redhat.com/show_bug.cgi?id=2293643

lore.kernel.org/linux-cve-announce/2024062119-CVE-2024-38780-d90f@gregkh/T

nvd.nist.gov/vuln/detail/CVE-2024-38780

www.cve.org/CVERecord?id=CVE-2024-38780

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for RH:CVE-2024-38780