CVE-2024-38780

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 21, 2024
Updated: Jul 15, 2024
CWE ID 667

Summary

CVE-2024-38780 is a vulnerability in the Linux kernel affecting the dma-buf/sw-sync component. This issue stems from a mistake in the commit a6aa8fca4d79, where spin_unlock_irqrestore() was incorrectly replaced with spin_unlock_irl() for both sync_debugfs_show() and sync_print_obj(). Consequently, lockdep warnings were generated due to inconsistent lock states. To rectify this, plain spin_lock and spin_unlock should be used for sync_print_obj(), whereas sync_debugfs_show() already utilizes spin_lock and spin_unlock_irq().

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share