CVE-2024-42140

riscv: kexec: Avoid deadlock in kexec crash path

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

riscv: kexec: Avoid deadlock in kexec crash path

If the kexec crash code is called in the interrupt context, the
machine_kexec_mask_interrupts() function will trigger a deadlock while
trying to acquire the irqdesc spinlock and then deactivate irqchip in
irq_set_irqchip_state() function.

Unlike arm64, riscv only requires irq_eoi handler to complete EOI and
keeping irq_set_irqchip_state() will only leave this possible deadlock
without any use. So we simply remove it.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-29 CVE Reserved
2024-07-30 CVE Published
2024-08-24 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/12f237200c169a8667cf9dca7a40df8d7917b9fd	Vuln. Introduced
https://git.kernel.org/stable/c/b17d19a5314a37f7197afd1a0200affd21a7227d	Vuln. Introduced
https://git.kernel.org/stable/c/7594956fec8902dfc18150bf1dca0940cd4ad025	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/bb80a7911218bbab2a69b5db7d2545643ab0073d	2024-07-18
https://git.kernel.org/stable/c/653deee48a4682ea17a05b96fb6842795ab5943c	2024-07-11
https://git.kernel.org/stable/c/7692c9b6baacdee378435f58f19baf0eb69e4155	2024-07-11
https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692	2024-07-11
https://git.kernel.org/stable/c/c562ba719df570c986caf0941fea2449150bcbc4	2024-07-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.82 < 5.15.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.82 < 5.15.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.1.98 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.1.98"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.6.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.6.39"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.9.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.9.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1 < 6.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.0.12 Search vendor "Linux" for product "Linux Kernel" and version "6.0.12"		en		Affected