CVE-2024-35953

accel/ivpu: Fix deadlock in context_xa

Description

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in context_xa ivpu_device->context_xa is locked both in kernel thread and IRQ context. It requires XA_FLAGS_LOCK_IRQ flag to be passed during initialization otherwise the lock could be acquired from a thread and interrupted by an IRQ that locks it for the second time causing the deadlock. This deadlock was reported by lockdep and observed in internal tests.

References

Link	Tags
https://git.kernel.org/stable/c/d43e11d9c7fcb16f18bd46ab2556c2772ffc5775	patch
https://git.kernel.org/stable/c/e6011411147209bc0cc14628cbc155356837e52a	patch
https://git.kernel.org/stable/c/fd7726e75968b27fe98534ccbf47ccd6fef686f3	patch

Frequently Asked Questions

What is the severity of CVE-2024-35953?: CVE-2024-35953 has been scored as a medium severity vulnerability.
How to fix CVE-2024-35953?: To fix CVE-2024-35953, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35953 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-35953 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35953?: CVE-2024-35953 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-667 – Improper Locking

References

Frequently Asked Questions