CVE-2024-46868

Summary

In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()

If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock. That means that if we tried to set it later, then it would cause a deadlock. Drop the lock on the error path. That's what all the callers are expecting.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 < 8c6a5a1fc02ad1d62d06897ab330693d4d27cd03affected
LinuxLinux759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 < db213b0cfe3268d8b1d382b3bcc999c687a2567faffected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.10.11 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References