CVE-2024-42090

Summary

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which is already held by create_pinctrl(), leading to a potential deadlock.

This patch resolves the issue by releasing pinctrl_maps_mutex before calling pinctrl_free(), preventing the deadlock.

This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 < e65a0dc2e85efb28e182aca50218e8a056d0ce04affected
LinuxLinux42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 < 420ce1261907e5dbeda1e4daffd5b6c76f8188c0affected
LinuxLinux42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 < b813e3fd102a959c5b208ed68afe27e0137a561baffected
LinuxLinux42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 < 01fe2f885f7813f8aed5d3704b384a97b1116a9eaffected
LinuxLinux42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 < b36efd2e3e22a329444b6b24fa48df6d20ae66e6affected
LinuxLinux42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 < 4038c57bf61631219b31f1bd6e92106ec7f084dcaffected
LinuxLinux42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 < 48a7a7c9571c3e62f17012dd7f2063e926179dddaffected
LinuxLinux42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7 < adec57ff8e66aee632f3dd1f93787c13d112b7a1affected
LinuxLinux3.10affected
LinuxLinux0 < 3.10unaffected
LinuxLinux4.19.317 <= 4.19.*unaffected
LinuxLinux5.4.279 <= 5.4.*unaffected
LinuxLinux5.10.221 <= 5.10.*unaffected
LinuxLinux5.15.162 <= 5.15.*unaffected
LinuxLinux6.1.97 <= 6.1.*unaffected
LinuxLinux6.6.37 <= 6.6.*unaffected
LinuxLinux6.9.8 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References