PT-2024-29745 · Linux+10 · Linux Kernel+10

Published

2024-06-04

Updated

2025-09-29

CVE-2024-42090

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a potential deadlock in the create pinctrl() function when handling -EPROBE DEFER. In create pinctrl(), pinctrl maps mutex is acquired before calling add setting(). If add setting() returns -EPROBE DEFER, create pinctrl() calls pinctrl free(). However, pinctrl free() attempts to acquire pinctrl maps mutex, which is already held by create pinctrl(), leading to a potential deadlock. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. The patch resolves the issue by releasing pinctrl maps mutex before calling pinctrl free(), preventing the deadlock. An attacker could exploit this vulnerability to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2024:7000

ALSA-2024:7001

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2024-11524

ALT-PU-2024-12537

ALT-PU-2024-13979

ALT-PU-2024-14046

ALT-PU-2024-9967

BDU:2025-02533

CESA-2024_7000

CESA-2024_7001

CVE-2024-42090

DLA-4008-1

INFSA-2024_7000

INFSA-2024_7001

INFSA-2024_9315

OESA-2024-1961

OESA-2024-1962

OESA-2024-1963

OESA-2024-1964

OESA-2025-1078

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3483-1

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024:8157

RHSA-2024:8158

RHSA-2024:9315

RHSA-2024_7000

RHSA-2024_7001

RHSA-2024_9315

RLSA-2024:7001

SUSE-SU-2024:3189-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3251-1

SUSE-SU-2024:3252-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7003-1

USN-7003-2

USN-7003-3

USN-7003-4

USN-7003-5

USN-7006-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7009-1

USN-7009-2

USN-7019-1

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

USN-7183-1

USN-7184-1

USN-7185-1

USN-7185-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-29745 · Linux+10 · Linux Kernel+10

CVE-2024-42090

Weakness Enumeration

Related Identifiers

Affected Products

References · 2910