CVE-2024-36976

Summary

In the Linux kernel, the following vulnerability has been resolved:

Revert "media: v4l2-ctrls: show all owned controls in log_status"

This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739.

This patch introduced a potential deadlock scenario:

[Wed May 8 10:02:06 2024] Possible unsafe locking scenario:

[Wed May 8 10:02:06 2024] CPU0 CPU1 [Wed May 8 10:02:06 2024] —- —- [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock);

For now just revert.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9801b5b28c6929139d6fceeee8d739cc67bb2739 < 2e0ce54a9c5c7013b1257be044d99cbe7305e9f1affected
LinuxLinux9801b5b28c6929139d6fceeee8d739cc67bb2739 < eba63df7eb1f95df6bfb67722a35372b6994928daffected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.9.2 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References