CVE-2024-42252

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.10.0-rc4-ktest-ga56da69799bd #25570 and earlier

Description A vulnerability in the Linux kernel has been resolved by changing BUG ON() to WARN ON() in the closures. If a BUG ON() can be hit in the wild, it shouldn't be a BUG ON(). This issue has occurred once in the Continuous Integration (CI) and more information is needed to debug it. The kernel BUG is located at lib/closure.c:21, and it causes a kernel panic with a fatal exception. The call trace includes functions such as closure put, bch2 check for deadlock, and bch2 six check for deadlock.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions after 6.10.0-rc4-ktest-ga56da69799bd #25570 should be used. As a temporary workaround, consider disabling the closure put() function until a patch is available. However, this may have unintended consequences and should be done with caution. At the moment, there is no information about a newer version that contains a fix for this vulnerability, so updating to the latest available version is recommended.