CVE-2024-46791: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46791 is a vulnerability in the Linux kernel's CAN (Controller Area Network) driver for MCP251x devices. The issue was discovered and disclosed in September 2024, affecting Linux kernel versions from 5.5 through 6.11-rc6. The vulnerability stems from a deadlock condition in the mcp251xhwwake() function when an interrupt occurs during the mcp251x_open operation (NVD).

The vulnerability occurs when the mcp251xhwwake() function is called with the mpc_lock mutex held and disables the interrupt handler. If an interrupt has already occurred, waiting for the interrupt handler to complete will result in a deadlock because it attempts to acquire the same mutex. The CVSS v3.1 base score is 5.5 (Medium) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required and the primary impact is on availability (NVD).

The vulnerability can lead to a system deadlock in the CAN driver, potentially causing a denial of service condition. This affects the availability of the CAN communication system, which could be particularly concerning in industrial or automotive applications where CAN bus communication is critical (NVD).

The issue has been fixed by replacing disableirq() with disableirqnosync() in the mcp251xhw_wake() function. This change allows the interrupt handler to complete its execution while holding the mutex. The fix has been implemented in various kernel versions and is available through distribution-specific kernel updates (Kernel Patch).