CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
During chip recovery (e.g. chip reset), there is a possible situation that kernel worker resetwork is holding the lock and waiting for kernel thread statworker to be parked, while statworker is waiting for the release of the same lock. It causes a deadlock resulting in the dumping of hung tasks messages and possible rebooting of the device.
This patch prevents the execution of statworker during the chip recovery.
Other sources
Linux Kernel is vulnerable to a denial of service, caused by potential Hung Tasks During Chip Recovery in Wifi: Mt76: Mt7921. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-40977?
CVE-2024-40977 has been classified with a moderate severity level due to potential risks during chip recovery in the Linux kernel.
How do I fix CVE-2024-40977?
To fix CVE-2024-40977, update your kernel to versions 6.1.96, 6.6.36, 6.9.7, or a later fixed version.
What systems are affected by CVE-2024-40977?
CVE-2024-40977 affects several versions of the Linux kernel across various distributions, including Red Hat and Debian.
What are the symptoms of CVE-2024-40977?
Symptoms of CVE-2024-40977 may include hung tasks during chip recovery operations in systems using affected kernel versions.
Is there a workaround for CVE-2024-40977?
Currently, the most reliable approach to mitigateg CVE-2024-40977 is to apply the recommended kernel updates as soon as possible.