CVE-2024-47658: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47658 affects the Linux kernel's crypto subsystem, specifically the STM32/CRYP driver. The vulnerability was discovered and disclosed on October 9, 2024, and involves a spinlock recursion warning that occurs during the finalize operation in interrupt mode. This issue affects Linux kernel versions up to (excluding) 6.6.50 and versions from (including) 6.7 up to (excluding) 6.10.9 (NVD).

The vulnerability stems from a synchronization issue in the STM32/CRYP driver where the finalize operation in interrupt mode produces a spinlock recursion warning. The root cause is identified as the bottom-half (BH) handler not being disabled during the finalization process. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a denial of service condition due to the spinlock recursion warning in the kernel's crypto subsystem. This primarily affects systems utilizing the STM32/CRYP hardware crypto device driver (NVD).

The issue has been patched in the Linux kernel. The fix involves adding localbhdisable() and localbhenable() calls around the stm32crypfinish_req() function in the interrupt handler. Fixed versions are available in Linux kernel 6.6.50 and 6.10.9. Users are advised to upgrade to these or later versions (Kernel Patch).