CVE-2024-48876

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-48876

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-48876.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-48876

Downstream

BELL-CVE-2024-48876

DEBIAN-CVE-2024-48876

UBUNTU-CVE-2024-48876

USN-7379-1

USN-7381-1

USN-7382-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Related

Published

2025-01-11T13:15:23Z

Modified

2025-09-23T16:38:27Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

stackdepot: fix stackdepotsave_flags() in NMI context

Per documentation, stackdepotsaveflags() was meant to be usable from NMI context if STACKDEPOTFLAGCANALLOC is unset. However, it still would try to take the poollock in an attempt to save a stack trace in the current pool (if space is available).

This could result in deadlock if an NMI is handled while pool_lock is already held. To avoid deadlock, only try to take the lock in NMI context and give up if unsuccessful.

The documentation is fixed to clearly convey this.

References

Affected packages