PT-2024-29217 · Linux+7 · Linux Kernel+7

Ronald Wahl · Published 2024-07-06 · Updated 2026-05-26 · CVE-2024-41036

CVSS v2.0

7.5

High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A deadlock vulnerability has been resolved in the Linux kernel, specifically in the net: ks8851 module. The issue occurs when SMP is enabled and spinlocks are functional, causing a deadlock on the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq. This results in a soft lockup, with the CPU stuck for 27 seconds. The problem was not identified earlier because tests were done on a device with SMP disabled, making spinlocks ineffective. To avoid the deadlock, spin_(un)lock_bh is now used for TX queue related locking to prevent synchronous execution of softirq work.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
BDU:2025-03018
CVE-2024-41036
DLA-4008-1
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-2076
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu