CVE-2024-46692

firmware: qcom: scm: Mark get_wq_ctx() as atomic call

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark get_wq_ctx() as atomic call Currently get_wq_ctx() is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to resume the corresponding sleeping thread. But if get_wq_ctx() is interrupted, goes to sleep and another SMC call is waiting to be allocated a waitq context, it leads to a deadlock. To avoid this get_wq_ctx() must be an atomic call and can't be a standard SMC call. Hence mark get_wq_ctx() as a fast call.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/cdf7efe4b02aa93813db0bf1ca596ad298ab6b06 patch
https://git.kernel.org/stable/c/e40115c33c0d79c940545b6b12112aace7acd9f5 patch
https://git.kernel.org/stable/c/9960085a3a82c58d3323c1c20b991db6045063b0 patch

Frequently Asked Questions

What is the severity of CVE-2024-46692?
CVE-2024-46692 has been scored as a medium severity vulnerability.
How to fix CVE-2024-46692?
To fix CVE-2024-46692, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46692 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46692 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46692?
CVE-2024-46692 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.