CVE-2024-40980Improper Locking in Linux

CWE-667Improper LockingCWE-662Improper Synchronization44 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV5.3
EPSS
0.0%
top 99.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJul 12
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47 preem

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel5.55.10.221+5
Debianlinux/linux_kernel< 5.10.221-1+3
Ubuntulinux/linux_kernel< 5.4.0-195.215+2
CVEListV5linux/linux4ea7e38696c7e798c47ebbecadfd392f23f814f9594e47957f3fe034645e6885393ce96c12286334+7
debiandebian/linux< linux 6.1.99-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

21
OSV
linux-raspi-5.4 vulnerabilities2024-10-01
OSV
linux-raspi vulnerabilities2024-09-26
OSV
linux-azure-fde-5.15 vulnerabilities2024-09-25
OSV
linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities2024-09-23
OSV
linux-hwe-6.82024-09-23

📋Vendor Advisories

22
CISA ICS
Siemens Third-Party Components in SINEC OS2025-08-14
Ubuntu
Linux kernel vulnerabilities2024-10-01
Ubuntu
Linux kernel vulnerabilities2024-09-26
Ubuntu
Linux kernel vulnerabilities2024-09-25
Ubuntu
Linux kernel vulnerabilities2024-09-23