{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46868", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.294Z", "datePublished": "2024-09-27T12:42:55.664Z", "dateUpdated": "2024-11-05T09:48:09.818Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:48:09.818Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock. That means that if we tried to set it later, then\nit would cause a deadlock. Drop the lock on the error path. That's\nwhat all the callers are expecting."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"], "versions": [{"version": "759e7a2b62eb", "lessThan": "8c6a5a1fc02a", "status": "affected", "versionType": "git"}, {"version": "759e7a2b62eb", "lessThan": "db213b0cfe32", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.11", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03"}, {"url": "https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f"}], "title": "firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T13:29:02.296059Z", "id": "CVE-2024-46868", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T13:31:13.751Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46868", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T13:29:02.296059Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T13:31:10.294Z"}}], "cna": {"title": "firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "759e7a2b62eb", "lessThan": "8c6a5a1fc02a", "versionType": "git"}, {"status": "affected", "version": "759e7a2b62eb", "lessThan": "db213b0cfe32", "versionType": "git"}], "programFiles": ["drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.7"}, {"status": "unaffected", "version": "0", "lessThan": "6.7", "versionType": "semver"}, {"status": "unaffected", "version": "6.10.11", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/qcom/qcom_qseecom_uefisecapp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03"}, {"url": "https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock. That means that if we tried to set it later, then\nit would cause a deadlock. Drop the lock on the error path. That's\nwhat all the callers are expecting."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:48:09.818Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46868", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:48:09.818Z", "dateReserved": "2024-09-11T15:12:18.294Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-27T12:42:55.664Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5DB5367-F1F5-4200-B3B3-FDF8AFC3D255", "versionEndExcluding": "6.10.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*", "matchCriteriaId": "DE5298B3-04B4-4F3E-B186-01A58B5C75A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\n\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock. That means that if we tried to set it later, then\nit would cause a deadlock. Drop the lock on the error path. That's\nwhat all the callers are expecting."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: qcom: uefisecapp: Se corrige el bloqueo en qcuefi_acquire() Si el puntero __qcuefi no est\u00e1 configurado, entonces en el c\u00f3digo original, mantendr\u00edamos el bloqueo. Eso significa que si intent\u00e1ramos configurarlo m\u00e1s tarde, causar\u00eda un bloqueo. Eliminar el bloqueo en la ruta de error. Eso es lo que todos los que llaman esperan."}], "id": "CVE-2024-46868", "lastModified": "2024-10-01T17:09:12.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-27T13:15:18.007", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()", "id": "2315220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315220"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfirmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()\nIf the __qcuefi pointer is not set, then in the original code, we would\nhold onto the lock. That means that if we tried to set it later, then\nit would cause a deadlock. Drop the lock on the error path. That's\nwhat all the callers are expecting."], "name": "CVE-2024-46868", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46868\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46868\nhttps://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46868-f3a3@gregkh/T"], "threat_severity": "Low"}