CVE-2024-46692: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46692 affects the Linux kernel's firmware component, specifically the Qualcomm SCM (Secure Channel Manager) functionality. The vulnerability was discovered in the getwqctx() function, which was incorrectly configured as a standard call instead of an atomic call. The issue affects Linux kernel versions from 6.3 up to (excluding) 6.6.49, and from 6.7 up to (excluding) 6.10.8, as well as several 6.11 release candidates. The vulnerability was disclosed on September 13, 2024, with a CVSS v3.1 base score of 5.5 (Medium) (NVD).

The vulnerability stems from a race condition in the getwqctx() function within the Qualcomm SCM driver. When two SMC (Secure Monitor Call) calls are in sleep state and one SMC wakes up, it calls getwqctx() to resume the corresponding sleeping thread. However, if getwqctx() is interrupted and goes to sleep while another SMC call is waiting to be allocated a waitq context, it leads to a deadlock condition. The issue was classified as CWE-667 (Improper Locking) (NVD).

The vulnerability can result in a deadlock condition in the Linux kernel's Qualcomm SCM driver, potentially affecting system stability and availability. The CVSS score of 5.5 indicates a medium severity local attack vector that primarily impacts system availability (NVD).

The issue has been fixed by marking getwqctx() as an atomic call (fast call) instead of a standard SMC call. The fix has been implemented in various Linux kernel versions, including 6.8.0-50.51 for Ubuntu 24.04 LTS and corresponding versions for other distributions. Users are advised to update their kernel to the latest patched version (Kernel Patch).