Ubuntu: (Multiple Advisories) (CVE-2024-42090): Linux kernel vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Jul 29, 2024 | Sep 13, 2024 | Jan 28, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock.

This patch resolves the issue by releasing pinctrl_maps_mutex before calling pinctrl_free(), preventing the deadlock.

This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.
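
The locking pattern described above can be reproduced in userspace. The following is an added illustration, not the kernel's code or the upstream patch: it models the -EPROBE_DEFER error path with a POSIX error-checking mutex, which reports the self-relock as EDEADLK where a kernel mutex would block forever. The `model_*` functions and `maps_mutex` are hypothetical stand-ins for the kernel symbols named in the description.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical userspace stand-in for pinctrl_maps_mutex. */
static pthread_mutex_t maps_mutex;

static void maps_mutex_init(void)
{
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    /* Error-checking type: a relock by the owner returns EDEADLK. */
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&maps_mutex, &attr);
    pthread_mutexattr_destroy(&attr);
}

/* Models pinctrl_free(): it takes the maps mutex itself. */
static int model_pinctrl_free(void)
{
    int rc = pthread_mutex_lock(&maps_mutex);
    if (rc)
        return rc;  /* EDEADLK: the caller already holds the lock */
    pthread_mutex_unlock(&maps_mutex);
    return 0;
}

/* Models create_pinctrl() after add_setting() returned -EPROBE_DEFER.
 * patched == 0: free while still holding the lock (the bug).
 * patched == 1: release the lock first, then free (the fix). */
static int model_create_pinctrl(int patched)
{
    int rc;
    maps_mutex_init();
    pthread_mutex_lock(&maps_mutex);
    if (patched)
        pthread_mutex_unlock(&maps_mutex);
    rc = model_pinctrl_free();
    if (!patched)
        pthread_mutex_unlock(&maps_mutex);
    pthread_mutex_destroy(&maps_mutex);
    return rc;
}

int main(void)
{
    printf("unpatched=%d patched=%d\n", model_create_pinctrl(0), model_create_pinctrl(1));
    return 0;
}
```
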
References
- CVE-2024-42090
- https://attackerkb.com/topics/CVE-2024-42090
- UBUNTU-USN-7003-1
- UBUNTU-USN-7003-2
- UBUNTU-USN-7003-3
- UBUNTU-USN-7003-4
- UBUNTU-USN-7003-5
- UBUNTU-USN-7006-1
- UBUNTU-USN-7007-1
- UBUNTU-USN-7007-2
- UBUNTU-USN-7007-3
- UBUNTU-USN-7009-1
- UBUNTU-USN-7009-2
- UBUNTU-USN-7019-1
- UBUNTU-USN-7089-1
- UBUNTU-USN-7089-2
- UBUNTU-USN-7089-3
- UBUNTU-USN-7089-4
- UBUNTU-USN-7089-5
- UBUNTU-USN-7089-6
- UBUNTU-USN-7089-7
- UBUNTU-USN-7090-1
- UBUNTU-USN-7095-1
- UBUNTU-USN-7156-1
- UBUNTU-USN-7183-1
- UBUNTU-USN-7184-1
- UBUNTU-USN-7185-1
- UBUNTU-USN-7185-2