CVE-2024-46868

medium

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock. That means that if we tried to set it later, then it would cause a deadlock. Drop the lock on the error path. That's what all the callers are expecting.

References

https://git.kernel.org/stable/c/db213b0cfe3268d8b1d382b3bcc999c687a2567f

https://git.kernel.org/stable/c/8c6a5a1fc02ad1d62d06897ab330693d4d27cd03

Details

Source: Mitre, NVD

Published: 2024-09-27

Updated: 2024-10-01

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H