CVE-2024-41080

Summary

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix possible deadlock in io_register_iowq_max_workers()

The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation.

To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call.

This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < b17397a0a5c56e111f61cb5b77d162664dc00de9affected
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < 97ed7ff58de66c544692b3c2b988f3f594348de0affected
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < fdacd09f2ddf7a00787291f08ee48c0421e5b709affected
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < 950ac86cff338ab56e2eaf611f4936ee34893b63affected
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < b571a367502c7ef94c688ef9c7f7d69a2ce3bccaaffected
LinuxLinux2b188cc1bb857a9d4701ae59aa7768b5124e262e < 73254a297c2dd094abec7c9efee32455ae875bdfaffected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux5.10.230 <= 5.10.*unaffected
LinuxLinux5.15.173 <= 5.15.*unaffected
LinuxLinux6.1.118 <= 6.1.*unaffected
LinuxLinux6.6.62 <= 6.6.*unaffected
LinuxLinux6.9.11 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References