Vulnerabilities > CVE-2024-26691 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix circular locking dependency The rule inside kvm enforces that the vcpu->mutex is taken *inside* kvm->lock. The rule is violated by the pkvm_create_hyp_vm() which acquires the kvm->lock while already holding the vcpu->mutex lock from kvm_vcpu_ioctl(). Avoid the circular locking dependency altogether by protecting the hyp vm handle with the config_lock, much like we already do for other forms of VM-scoped data.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc
- https://git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc
- https://git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc
- https://git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc
- https://git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228
- https://git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228