Resolved Deadlock in Linux Kernel's mcp251x_open Function
CVE-2024-46791

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 September 2024

What is CVE-2024-46791?

In the Linux kernel, the following vulnerability has been resolved:

can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device. If an interrupt has already occurred then waiting for the interrupt handler to complete will deadlock because it will be trying to acquire the same mutex.

CPU0 CPU1

mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() disable_irq() <-- deadlock

Use disable_irq_nosync() instead because the interrupt handler does everything while holding the mutex so it doesn't matter if it's still running.

Affected Version(s)

Linux 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef < 3a49b6b1caf5cefc05264d29079d52c99cb188e0

Linux 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef < 513c8fc189b52f7922e36bdca58997482b198f0e

Linux 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef

References

https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d290...

https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca...

https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4d...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2024
Vulnerability Reserved
Sep 11, 2024