CVE-2024-38594

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.0-rc6

Description The issue arises from the reinitialization of the whole EST structure, which resets the mutex lock embedded in the EST structure and triggers a warning. To address this, the lock is moved to struct stmmac priv, and the mutex lock needs to be reacquired during initialization. The warning is triggered by the DEBUG LOCKS WARN ON function when the lock's magic number does not match the expected value. The call trace indicates the involvement of functions such as mutex lock, mutex lock nested, tc setup taprio, stmmac setup tc, and taprio change.

Recommendations To resolve the issue, update the Linux kernel to a version where the EST lock has been moved to struct stmmac priv, ensuring that the mutex lock is properly reacquired during initialization. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-413

Related Identifiers

AZL-69521

BDU:2026-03783

CVE-2024-38594

ECHO-DC58-B4EA-BC0C

OESA-2024-1961

OESA-2024-1962

OESA-2024-1964

OESA-2024-2296

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Debian

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2024-38594

Weakness Enumeration

Related Identifiers

Affected Products

References · 3005