PT-2024-9643 · Linux+10 · Linux Kernel+10
Published
2024-06-14
·
Updated
2025-09-29
·
CVE-2024-40904
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.10.0-rc2-syzkaller-g8867bbd4a056
Description
The vulnerability is related to a CPU lockup caused by excessive log messages in the cdc-wdm driver. The interrupt-URB completion callback in the driver takes too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation causes a CPU lockup. The issue can be prevented by ratelimiting the two dev err() calls, which are replaced with dev err ratelimited().
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the cdc-wdm driver. Specifically, update to a version later than 6.10.0-rc2-syzkaller-g8867bbd4a056. As a temporary workaround, consider ratelimiting the dev err() calls in the cdc-wdm driver to prevent excessive log messages.
Exploit
Fix
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu