PT-2024-26834 · Linux+6 · Linux Kernel+6

Published 2024-04-25 · Updated 2026-05-26 · CVE-2024-35998

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37
Description: A potential deadlock in the cifs_sync_mid_result function has been resolved. The issue was spotted by Coverity, which reported a "Thread deadlock (ORDER_REVERSAL)" caused by lock ordering: a spin_lock call acquires the lock TCP_Server_Info.srv_lock while the lock TCP_Server_Info.mid_lock is already held.
Recommendations: To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the cifs_sync_mid_result function until a patch is available. Restrict access to the vulnerable TCP_Server_Info module to minimize the risk of exploitation.

Exploit

Fix

DoS

Improper Locking

Weakness Enumeration

Related Identifiers

AZL-55440
BDU:2025-03065
CVE-2024-35998
MGASA-2024-0263
MGASA-2024-0266
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2360-1
SUSE-SU-2024:2381-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu