Bug 1227950 (CVE-2024-40977)

Summary: VUL-0: CVE-2024-40977: kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Kernel Bugs <kernel-bugs>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: rfrohl
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/413904/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-40977:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-07-16 13:58:32 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921s: fix potential hung tasks during chip recovery

During chip recovery (e.g. chip reset), there is a possible situation that
kernel worker reset_work is holding the lock and waiting for kernel thread
stat_worker to be parked, while stat_worker is waiting for the release of
the same lock.
It causes a deadlock resulting in the dumping of hung tasks messages and
possible rebooting of the device.

This patch prevents the execution of stat_worker during the chip recovery.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40977
https://www.cve.org/CVERecord?id=CVE-2024-40977
https://git.kernel.org/stable/c/0b81faa05b0b9feb3ae2d69be1d21f0d126ecb08
https://git.kernel.org/stable/c/85edd783f4539a994d66c4c014d5858f490b7a02
https://git.kernel.org/stable/c/e974dd4c22a23ec3ce579fb6d31a674ac0435da9
https://git.kernel.org/stable/c/ecf0b2b8a37c8464186620bef37812a117ff6366
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-40977.mbox