PT-2024-29252 · Linux+7 · Linux Kernel+7

Maximilian Heyne

·

Published

2024-06-04

·

Updated

2025-10-03

·

CVE-2024-41080

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A potential deadlock situation can occur in the Linux kernel due to the io register iowq max workers() function calling io put sq data(), which acquires the sqd->lock without releasing the uring lock. This issue is similar to a previously addressed commit. To resolve this, the uring lock is released before calling io put sq data() and then re-acquired after the function call, ensuring locks are acquired in the correct order and preventing a deadlock.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-833CWE-667

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-47985
AZL-48051
BDU:2025-03012
CVE-2024-41080
DLA-4008-1
DLA-4075-1
DSA-5818-1
OESA-2024-1960
OESA-2024-1962
OESA-2024-1964
OESA-2024-2258
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1
USN-7288-1
USN-7288-2
USN-7289-1
USN-7289-2
USN-7289-3
USN-7289-4
USN-7291-1
USN-7305-1
USN-7308-1
USN-7331-1
USN-7388-1
USN-7389-1
USN-7390-1
USN-7458-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu