CVE-2024-46692

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 667

Summary

CVE-2024-46692 is a vulnerability in the Linux kernel's Qualcomm SCM firmware code, where the get_wq_ctx() function is incorrectly configured as a standard call instead of an atomic one. This misconfiguration can lead to a deadlock when simultaneous SMC calls occur, posing a medium risk to system availability. To remediate the issue, developers should update their systems with the latest patches, which mark get_wq_ctx() as an atomic call. The vulnerability has a CVSS base score of 5.5, requires low privileges to exploit, and needs no user interaction. Organizations running affected Linux kernel versions are advised to apply available updates promptly to mitigate the deadlock condition.
