CVE-2024-41080

MEDIUM EPSS 10.8%
Published Jul 29, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 29, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix possible deadlock in io_register_iowq_max_workers() The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation. To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call. This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 1

VendorProductVersionRange
linuxlinux_kernel* <6.9.11

References 8

  • git.kernel.org https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/950ac86cff338ab56e2eaf611f4936ee34893b63
  • git.kernel.org https://git.kernel.org/stable/c/97ed7ff58de66c544692b3c2b988f3f594348de0
  • git.kernel.org https://git.kernel.org/stable/c/b17397a0a5c56e111f61cb5b77d162664dc00de9
  • git.kernel.org https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fdacd09f2ddf7a00787291f08ee48c0421e5b709
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/73254a297c2dd094abec7c9efee32455ae875bdf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b571a367502c7ef94c688ef9c7f7d69a2ce3bcca
    Patch