PT-2025-2534 · Linux+5 · Linux Kernel+5
Jinjian Song · Published 2024-12-24 · Updated 2026-05-26 · CVE-2024-39282
CVSS v2.0: 5.5 (Medium)
| Vector | AV:A/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.74
Description:
A vulnerability in the Linux kernel's net: wwan: t7xx module, an FSM command timeout issue, has been resolved. When the driver processes an internal state change command, it uses an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the asynchronous thread will panic when executing the completion notification because the main thread completion object has been released. The issue is related to the fsm_main_thread function and the complete_all function. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations:
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider using the reference counter to ensure safe release as suggested by Sergey. Restrict access to the vulnerable module mtk_t7xx to minimize the risk of exploitation. Avoid using the fsm_main_thread function and the complete_all function until the issue is resolved.
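The reference-counter approach mentioned in the recommendations, shown as an added user-space C model: it is not the kernel patch or code from this page, and `struct fsm_cmd`, `cmd_put`, `worker_finish`, `waiter_leave` and `run_scenario` are hypothetical names. The waiter and worker run one after the other here so both orderings are deterministic; an atomic flag stands in for the kernel completion object.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

/* User-space model (assumed names) of a command shared by waiter and worker. */
struct fsm_cmd {
    atomic_int refcnt; /* one reference per party that may still touch cmd */
    atomic_bool done;  /* stands in for the kernel completion object */
    int result;
};
/* Drop one reference; only the last holder frees. Returns true if freed. */
static bool cmd_put(struct fsm_cmd *cmd)
{
    if (atomic_fetch_sub(&cmd->refcnt, 1) != 1)
        return false;
    free(cmd);
    return true;
}
/* Worker: publish the result and signal completion, then drop its reference. */
static bool worker_finish(struct fsm_cmd *cmd, int result)
{
    cmd->result = result;
    atomic_store(&cmd->done, true); /* safe: worker's reference keeps cmd alive */
    return cmd_put(cmd);
}
/* Waiter: take the result or give up with -ETIMEDOUT, then drop its reference. */
static int waiter_leave(struct fsm_cmd *cmd, bool *freed)
{
    int ret = atomic_load(&cmd->done) ? cmd->result : -ETIMEDOUT;
    *freed = cmd_put(cmd);
    return ret;
}
/* Returns 0 when cmd was freed only by the last party to leave. */
static int run_scenario(bool timeout_first)
{
    struct fsm_cmd *cmd = calloc(1, sizeof(*cmd));
    bool w = false, k = false; /* freed by waiter / freed by worker */
    if (!cmd) return -1;
    atomic_init(&cmd->refcnt, 2); /* one for the waiter, one for the worker */
    atomic_init(&cmd->done, false);
    if (timeout_first) { /* the advisory's case: waiter gives up first */
        int ret = waiter_leave(cmd, &w);
        k = worker_finish(cmd, 0); /* late completion still hits live memory */
        return (ret == -ETIMEDOUT && !w && k) ? 0 : 1;
    }
    k = worker_finish(cmd, 0);
    int ret = waiter_leave(cmd, &w);
    return (ret == 0 && !k && w) ? 0 : 1;
}
```

Without the second reference, the timed-out waiter would free the object and the worker's later completion signal would touch released memory, which is the panic the description refers to.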
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu