{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2024-40912", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.581Z", "datePublished": "2024-07-12T12:20:50.488Z", "dateUpdated": "2026-05-23T15:50:48.555Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:50:48.555Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()\n\nThe ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to\nsynchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from\nsoftirq context. However using only spin_lock() to get sta->ps_lock in\nieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute\non this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to\ntake this same lock ending in deadlock. Below is an example of rcu stall\nthat arises in such situation.\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996\n rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)\n CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742\n Hardware name: RPT (r1) (DT)\n pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : queued_spin_lock_slowpath+0x58/0x2d0\n lr : invoke_tx_handlers_early+0x5b4/0x5c0\n sp : ffff00001ef64660\n x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8\n x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000\n x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000\n x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000\n x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80\n x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da\n x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440\n x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880\n x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8\n Call trace:\n queued_spin_lock_slowpath+0x58/0x2d0\n ieee80211_tx+0x80/0x12c\n ieee80211_tx_pending+0x110/0x278\n tasklet_action_common.constprop.0+0x10c/0x144\n tasklet_action+0x20/0x28\n _stext+0x11c/0x284\n ____do_softirq+0xc/0x14\n call_on_irq_stack+0x24/0x34\n do_softirq_own_stack+0x18/0x20\n do_softirq+0x74/0x7c\n __local_bh_enable_ip+0xa0/0xa4\n _ieee80211_wake_txqs+0x3b0/0x4b8\n __ieee80211_wake_queue+0x12c/0x168\n ieee80211_add_pending_skbs+0xec/0x138\n ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480\n ieee80211_mps_sta_status_update.part.0+0xd8/0x11c\n ieee80211_mps_sta_status_update+0x18/0x24\n sta_apply_parameters+0x3bc/0x4c0\n ieee80211_change_station+0x1b8/0x2dc\n nl80211_set_station+0x444/0x49c\n genl_family_rcv_msg_doit.isra.0+0xa4/0xfc\n genl_rcv_msg+0x1b0/0x244\n netlink_rcv_skb+0x38/0x10c\n genl_rcv+0x34/0x48\n netlink_unicast+0x254/0x2bc\n netlink_sendmsg+0x190/0x3b4\n ____sys_sendmsg+0x1e8/0x218\n ___sys_sendmsg+0x68/0x8c\n __sys_sendmsg+0x44/0x84\n __arm64_sys_sendmsg+0x20/0x28\n do_el0_svc+0x6c/0xe8\n el0_svc+0x14/0x48\n el0t_64_sync_handler+0xb0/0xb4\n el0t_64_sync+0x14c/0x150\n\nUsing spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise\non the same CPU that is holding the lock." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "net/mac80211/sta_info.c" ], "versions": [ { "version": "1d147bfa64293b2723c4fec50922168658e613ba", "lessThan": "e51637e0c66a6f72d134d9f95daa47ea62b43c7e", "status": "affected", "versionType": "git" }, { "version": "1d147bfa64293b2723c4fec50922168658e613ba", "lessThan": "28ba44d680a30c51cf485a2f5a3b680e66ed3932", "status": "affected", "versionType": "git" }, { "version": "1d147bfa64293b2723c4fec50922168658e613ba", "lessThan": "e7e916d693dcb5a297f40312600a82475f2e63bc", "status": "affected", "versionType": "git" }, { "version": "1d147bfa64293b2723c4fec50922168658e613ba", "lessThan": "d90bdff79f8e40adf889b5408bfcf521528b169f", "status": "affected", "versionType": "git" }, { "version": "1d147bfa64293b2723c4fec50922168658e613ba", "lessThan": "9c49b58b9a2bed707e7638576e54c4bccd97b9eb", "status": "affected", "versionType": "git" }, { "version": "1d147bfa64293b2723c4fec50922168658e613ba", "lessThan": "456bbb8a31e425177dc0e8d4f98728a560c20e81", "status": "affected", "versionType": "git" }, { "version": "1d147bfa64293b2723c4fec50922168658e613ba", "lessThan": "47d176755d5c0baf284eff039560f8c1ba0ea485", "status": "affected", "versionType": "git" }, { "version": "1d147bfa64293b2723c4fec50922168658e613ba", "lessThan": "44c06bbde6443de206b30f513100b5670b23fc5e", "status": "affected", "versionType": "git" }, { "version": "ad64b463d919a18be70b281efb135231169caf4a", "status": "affected", "versionType": "git" }, { "version": "46a5a5493360f995b834eb3b828eb59da4604509", "status": "affected", "versionType": "git" }, { "version": "a7ee1a84a81555b19ec3d02f104bfd70cf0b668a", "status": "affected", "versionType": "git" }, { "version": "58d4310586466840dab77e56e53f4508853a5268", "status": "affected", "versionType": "git" }, { "version": "fcb6d3c79824d350893edfa7b50d6ba1f670c4ec", "status": "affected", "versionType": "git" }, { "version": "3.2.56", "lessThan": "3.3", "status": "affected", "versionType": "semver" }, { "version": "3.4.84", "lessThan": "3.5", "status": "affected", "versionType": "semver" }, { "version": "3.10.34", "lessThan": "3.11", "status": "affected", "versionType": "semver" }, { "version": "3.12.15", "lessThan": "3.13", "status": "affected", "versionType": "semver" }, { "version": "3.13.7", "lessThan": "3.14", "status": "affected", "versionType": "semver" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "net/mac80211/sta_info.c" ], "versions": [ { "version": "3.14", "status": "affected" }, { "version": "0", "lessThan": "3.14", "status": "unaffected", "versionType": "semver" }, { "version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "4.19.317" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "5.4.279" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "5.10.221" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "5.15.162" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "6.1.95" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "6.6.35" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "6.9.6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14", "versionEndExcluding": "6.10" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.2.56" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.4.84" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10.34" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12.15" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.13.7" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/e51637e0c66a6f72d134d9f95daa47ea62b43c7e" }, { "url": "https://git.kernel.org/stable/c/28ba44d680a30c51cf485a2f5a3b680e66ed3932" }, { "url": "https://git.kernel.org/stable/c/e7e916d693dcb5a297f40312600a82475f2e63bc" }, { "url": "https://git.kernel.org/stable/c/d90bdff79f8e40adf889b5408bfcf521528b169f" }, { "url": "https://git.kernel.org/stable/c/9c49b58b9a2bed707e7638576e54c4bccd97b9eb" }, { "url": "https://git.kernel.org/stable/c/456bbb8a31e425177dc0e8d4f98728a560c20e81" }, { "url": "https://git.kernel.org/stable/c/47d176755d5c0baf284eff039560f8c1ba0ea485" }, { "url": "https://git.kernel.org/stable/c/44c06bbde6443de206b30f513100b5670b23fc5e" } ], "title": "wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "title": "CVE Program Container", "references": [ { "url": "https://git.kernel.org/stable/c/e51637e0c66a6f72d134d9f95daa47ea62b43c7e", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/28ba44d680a30c51cf485a2f5a3b680e66ed3932", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/e7e916d693dcb5a297f40312600a82475f2e63bc", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/d90bdff79f8e40adf889b5408bfcf521528b169f", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/9c49b58b9a2bed707e7638576e54c4bccd97b9eb", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/456bbb8a31e425177dc0e8d4f98728a560c20e81", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/47d176755d5c0baf284eff039560f8c1ba0ea485", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/44c06bbde6443de206b30f513100b5670b23fc5e", "tags": [ "x_transferred" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html" } ], "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:57:42.045Z" } }, { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2024-40912", "role": "CISA Coordinator", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "version": "2.0.3", "timestamp": "2024-09-10T17:05:59.270343Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:37.046Z" } }, { "x_adpType": "supplier", "providerMetadata": { "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-05-12T11:55:40.339Z" }, "affected": [ { "vendor": "Siemens", "product": "RUGGEDCOM RST2428P", "versions": [ { "status": "unaffected", "version": "0", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "vendor": "Siemens", "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family", "versions": [ { "status": "unaffected", "version": "0", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "vendor": "Siemens", "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family", "versions": [ { "status": "unaffected", "version": "0", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "vendor": "Siemens", "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", "versions": [ { "status": "affected", "version": "0", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html" } ] } ] } }