- Vulnerability/
- CVE-2024-39282
CVE-2024-39282: net: wwan: t7xx: Fix FSM command timeout issue
First published: Wed Jan 15 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the asynchronous thread will panic when executing the completion notification because the main thread completion object has been released. BUG: unable to handle page fault for address: fffffffffffffff8 PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:complete_all+0x3e/0xa0 [...] Call Trace: <TASK> ? __die_body+0x68/0xb0 ? page_fault_oops+0x379/0x3e0 ? exc_page_fault+0x69/0xa0 ? asm_exc_page_fault+0x22/0x30 ? complete_all+0x3e/0xa0 fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)] ? __pfx_autoremove_wake_function+0x10/0x10 kthread+0xd8/0x110 ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)] ? __pfx_kthread+0x10/0x10 ret_from_fork+0x38/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> [...] CR2: fffffffffffffff8 ---[ end trace 0000000000000000 ]--- Use the reference counter to ensure safe release as Sergey suggests: https://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Kernel-devel | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 | |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0cd3bde081cd3452c875fa1e5c55834c670d6e05
- https://git.kernel.org/stable/c/4f619d518db9cd1a933c3a095a5f95d0c1584ae8
- https://git.kernel.org/stable/c/b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5
- https://git.kernel.org/stable/c/e6e6882a1590cbdaca77a31a02f4954327237e14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39282
- https://nvd.nist.gov/vuln/detail/CVE-2024-39282
- https://launchpad.net/bugs/cve/CVE-2024-39282
- https://security-tracker.debian.org/tracker/CVE-2024-39282
- https://ubuntu.com/security/CVE-2024-39282
- https://git.kernel.org/linus/4f619d518db9cd1a933c3a095a5f95d0c1584ae8
Frequently Asked Questions
What is the severity of CVE-2024-39282?
CVE-2024-39282 has a medium severity rating due to its potential impact on system performance in the Linux kernel.
How do I fix CVE-2024-39282?
To fix CVE-2024-39282, update the Linux kernel to the latest version where the vulnerability has been patched.
What systems are affected by CVE-2024-39282?
CVE-2024-39282 affects the Linux kernel across various distributions that use the wwan t7xx driver.
What are the potential consequences of CVE-2024-39282?
The consequences of CVE-2024-39282 may include system instability or degraded performance due to command timeouts in network operations.
When was CVE-2024-39282 reported?
CVE-2024-39282 was reported and documented in 2024, highlighting an issue in the Linux kernel's handling of internal state changes.
- agent/title
- agent/severity
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/red hat kernel-devel
- package-manager/debian