{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-46691","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-09-11T15:12:18.249Z","datePublished":"2024-09-13T05:29:20.991Z","dateUpdated":"2026-03-25T10:19:10.186Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-03-25T10:19:10.186Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Move unregister out of atomic section\n\nCommit '9329933699b3 (\"soc: qcom: pmic_glink: Make client-lock\nnon-sleeping\")' moved the pmic_glink client list under a spinlock, as it\nis accessed by the rpmsg/glink callback, which in turn is invoked from\nIRQ context.\n\nThis means that ucsi_unregister() is now called from atomic context,\nwhich isn't feasible as it's expecting a sleepable context. An effort is\nunder way to get GLINK to invoke its callbacks in a sleepable context,\nbut until then lets schedule the unregistration.\n\nA side effect of this is that ucsi_unregister() can now happen\nafter the remote processor, and thereby the communication link with it, is\ngone. pmic_glink_send() is amended with a check to avoid the resulting NULL\npointer dereference.\nThis does however result in the user being informed about this error by\nthe following entry in the kernel log:\n\n  ucsi_glink.pmic_glink_ucsi pmic_glink.ucsi.0: failed to send UCSI write request: -5"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/soc/qcom/pmic_glink.c","drivers/usb/typec/ucsi/ucsi_glink.c"],"versions":[{"version":"fbadcde1572f6b00e1e343d8b24ec8bf7f3ec08d","lessThan":"1e3769aa0946c2b6e509c06d7a0aa9b955eaef9e","status":"affected","versionType":"git"},{"version":"9329933699b32d467a99befa20415c4b2172389a","lessThan":"095b0001aefddcd9361097c971b7debc84e72714","status":"affected","versionType":"git"},{"version":"9329933699b32d467a99befa20415c4b2172389a","lessThan":"11bb2ffb679399f99041540cf662409905179e3a","status":"affected","versionType":"git"},{"version":"8d62ab7d89a4906385ea8c11a4b2475578bec0f0","status":"affected","versionType":"git"},{"version":"bd54d7c8e76d235b4a70be3a545eb13f5ac531e4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/soc/qcom/pmic_glink.c","drivers/usb/typec/ucsi/ucsi_glink.c"],"versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","status":"unaffected","versionType":"semver"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.8","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.33","versionEndExcluding":"6.6.130"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.10.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1e3769aa0946c2b6e509c06d7a0aa9b955eaef9e"},{"url":"https://git.kernel.org/stable/c/095b0001aefddcd9361097c971b7debc84e72714"},{"url":"https://git.kernel.org/stable/c/11bb2ffb679399f99041540cf662409905179e3a"}],"title":"usb: typec: ucsi: Move unregister out of atomic section","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-29T15:06:52.719050Z","id":"CVE-2024-46691","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-29T15:07:06.973Z"}}]}}