CVE-2024-38780

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 21, 2024

Updated: Jul 15, 2024

CWE ID 667

Summary

CVE-2024-38780 is a vulnerability in the Linux kernel affecting the dma-buf/sw-sync component. This issue stems from a mistake in the commit a6aa8fca4d79, where spin_unlock_irqrestore() was incorrectly replaced with spin_unlock_irl() for both sync_debugfs_show() and sync_print_obj(). Consequently, lockdep warnings were generated due to inconsistent lock states. To rectify this, plain spin_lock and spin_unlock should be used for sync_print_obj(), whereas sync_debugfs_show() already utilizes spin_lock and spin_unlock_irq().

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wlPFGZ
https://www.cve.org/CVERecord?id=CVE-2024-38780
https://nvd.nist.gov/vuln/detail/CVE-2024-38780

Back to Vulnerability Database

CVE-2024-38780

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations