CVE-2024-47744: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47744 affects the Linux kernel and involves a potential deadlock in the KVM (Kernel-based Virtual Machine) subsystem. The vulnerability was discovered in the usage count protection mechanism where a chain of locks and SRCU synchronizations on x86 systems could lead to a deadlock condition (Kernel Patch). The issue affects Linux kernel versions from 6.3 up to 6.6.54, 6.7 up to 6.10.13, and 6.11 up to 6.11.2 (NVD).

The vulnerability stems from a circular locking dependency in the KVM subsystem. The deadlock occurs due to a chain of locks and SRCU synchronizations involving CPU0, CPU1, and CPU2, where CPU1 waits on CPU0, CPU0 waits on CPU2, and CPU2 waits on CPU1 if there's a writer. The issue specifically involves the kvmusagecount protection mechanism and its interaction with various locks including slots_lock, vcpu mutex, and SRCU synchronization (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

The vulnerability can result in a system deadlock, potentially causing a denial of service condition in affected systems. While the impact is significant from an availability perspective, there are no direct implications for confidentiality or integrity of the system (NVD).

The issue has been fixed by introducing a dedicated mutex (kvmusagelock) to guard kvmusagecount, replacing the previous implementation that used kvm_lock. This solution prevents the potential deadlock by avoiding the circular dependency chain. Users should update to patched kernel versions: Linux kernel 6.6.54 or later, 6.10.13 or later, or 6.11.2 or later (NVD).