CVE-2024-46829: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46829 affects the Linux kernel's real-time mutex (rtmutex) implementation. The vulnerability was discovered and disclosed in September 2024, affecting multiple versions of the Linux kernel from version 3.2.61 up to versions before 6.10.10. The issue occurs in the rtmutex handling where rtmutex::waitlock is held during deadlock detection (NVD).

The vulnerability stems from an improper locking mechanism in the rtmutexhandledeadlock() function. When called with rtmutex::wait_lock held, it maintains the lock during deadlock detection. In normal operation, it returns with the lock held, but in deadlock scenarios, it enters an endless scheduling loop while still holding the lock, triggering a 'scheduling in atomic' warning. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a denial of service condition through system crashes when the deadlock detection mechanism is triggered. The impact is limited to local systems and requires local user access to exploit (NVD).

The issue has been fixed by modifying the rtmutexhandledeadlock() function to release the rtmutex::wait_lock before issuing the warning and entering the scheduling loop. The fix has been implemented across multiple Linux kernel versions, including 5.15.0-125.135 for Ubuntu 22.04 LTS and 6.8.0-50.51 for Ubuntu 24.04 LTS (Ubuntu Security).