CVE-2024-38780

Summary

In the Linux kernel, the following vulnerability has been resolved:

dma-buf/sw-sync: don't enable IRQ from sync_print_obj()

Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains inconsistent lock state warning.

Use plain spin_{lock,unlock}() for sync_print_obj(), for sync_debugfs_show() is already using spin_{lock,unlock}_irq().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa6aa8fca4d792c72947e341d7842d2f700534335 < 1ff116f68560a25656933d5a18e7619cb6773d8aaffected
LinuxLinuxa6aa8fca4d792c72947e341d7842d2f700534335 < 165b25e3ee9333f7b04f8db43895beacb51582edaffected
LinuxLinuxa6aa8fca4d792c72947e341d7842d2f700534335 < ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8affected
LinuxLinuxa6aa8fca4d792c72947e341d7842d2f700534335 < 9d75fab2c14a25553a1664586ed122c316bd1878affected
LinuxLinuxa6aa8fca4d792c72947e341d7842d2f700534335 < 242b30466879e6defa521573c27e12018276c33aaffected
LinuxLinuxa6aa8fca4d792c72947e341d7842d2f700534335 < a4ee78244445ab73af22bfc5a5fc543963b25aefaffected
LinuxLinuxa6aa8fca4d792c72947e341d7842d2f700534335 < 8a283cdfc8beeb14024387a925247b563d614e1eaffected
LinuxLinuxa6aa8fca4d792c72947e341d7842d2f700534335 < b794918961516f667b0c745aebdfebbb8a98df39affected
LinuxLinuxf14ad42b8743897d140808467ed4ae3ce93bd0a5affected
LinuxLinux4.9.68 < 4.10affected
LinuxLinux4.14affected
LinuxLinux0 < 4.14unaffected
LinuxLinux4.19.316 <= 4.19.*unaffected
LinuxLinux5.4.278 <= 5.4.*unaffected
LinuxLinux5.10.219 <= 5.10.*unaffected
LinuxLinux5.15.161 <= 5.15.*unaffected
LinuxLinux6.1.93 <= 6.1.*unaffected
LinuxLinux6.6.33 <= 6.6.*unaffected
LinuxLinux6.9.4 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References