CVE-2024-42090
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-42090
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42090.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-42090
- Downstream
- Related
- Published
- 2024-07-29T16:26:30.139Z
- Modified
- 2025-11-28T02:34:24.584784Z
- Summary
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: fix deadlock in createpinctrl() when handling -EPROBEDEFER
In createpinctrl(), pinctrlmapsmutex is acquired before calling addsetting(). If addsetting() returns -EPROBEDEFER, createpinctrl() calls pinctrlfree(). However, pinctrlfree() attempts to acquire pinctrlmapsmutex, which is already held by createpinctrl(), leading to a potential deadlock.
This patch resolves the issue by releasing pinctrlmapsmutex before calling pinctrl_free(), preventing the deadlock.
This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42090.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/01fe2f885f7813f8aed5d3704b384a97b1116a9e
- https://git.kernel.org/stable/c/4038c57bf61631219b31f1bd6e92106ec7f084dc
- https://git.kernel.org/stable/c/420ce1261907e5dbeda1e4daffd5b6c76f8188c0
- https://git.kernel.org/stable/c/48a7a7c9571c3e62f17012dd7f2063e926179ddd
- https://git.kernel.org/stable/c/adec57ff8e66aee632f3dd1f93787c13d112b7a1
- https://git.kernel.org/stable/c/b36efd2e3e22a329444b6b24fa48df6d20ae66e6
- https://git.kernel.org/stable/c/b813e3fd102a959c5b208ed68afe27e0137a561b
- https://git.kernel.org/stable/c/e65a0dc2e85efb28e182aca50218e8a056d0ce04
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42090.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-42090
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced42fed7ba44e4e8c1fb27b28ad14490cb1daff3c7Fixede65a0dc2e85efb28e182aca50218e8a056d0ce04Fixed420ce1261907e5dbeda1e4daffd5b6c76f8188c0Fixedb813e3fd102a959c5b208ed68afe27e0137a561bFixed01fe2f885f7813f8aed5d3704b384a97b1116a9eFixedb36efd2e3e22a329444b6b24fa48df6d20ae66e6Fixed4038c57bf61631219b31f1bd6e92106ec7f084dcFixed48a7a7c9571c3e62f17012dd7f2063e926179dddFixedadec57ff8e66aee632f3dd1f93787c13d112b7a1
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.10.0Fixed4.19.317
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.279
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.221
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.162
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.97
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.37
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.9.8