CVE-2024-36976

Revert "media: v4l2-ctrls: show all owned controls in log_status"

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: Revert "media: v4l2-ctrls: show all owned controls in log_status" This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe locking scenario: [Wed May 8 10:02:06 2024] CPU0 CPU1
[Wed May 8 10:02:06 2024] ---- ----
[Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock);
[Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock);
[Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock);
[Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); For now just revert.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Revertir "media: v4l2-ctrls: mostrar todos los controles de propiedad en log_status" Esto revierte el commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. Este parche introdujo un posible escenario de bloqueo: [miércoles 8 de mayo 10:02:06 2024] Posible escenario de bloqueo inseguro: [miércoles 8 de mayo 10:02:06 2024] CPU0 CPU1 [miércoles 8 de mayo 10:02:06 2024] -- -- ---- [miércoles 8 de mayo 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Miércoles 8 de mayo 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Miércoles 8 de mayo 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Miércoles 8 de mayo 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); Por ahora simplemente revertir.

In the Linux kernel, the following vulnerability has been resolved: Revert "media: v4l2-ctrls: show all owned controls in log_status" This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe locking scenario: [Wed May 8 10:02:06 2024] CPU0 CPU1 [Wed May 8 10:02:06 2024] ---- ---- [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); For now just revert.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-30 CVE Reserved
2024-06-18 CVE Published
2024-06-19 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/9801b5b28c6929139d6fceeee8d739cc67bb2739	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2e0ce54a9c5c7013b1257be044d99cbe7305e9f1	2024-05-25
https://git.kernel.org/stable/c/eba63df7eb1f95df6bfb67722a35372b6994928d	2024-05-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9 < 6.9.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.9.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9 < 6.10"		en		Affected