CVE-2024-26691

Published: Apr 3, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix circular locking dependency The rule inside kvm enforces that the vcpu->mutex is taken *inside* kvm->lock. The rule is violated by the pkvm_create_hyp_vm() which acquires the kvm->lock while already holding the vcpu->mutex lock from kvm_vcpu_ioctl(). Avoid the circular locking dependency altogether by protecting the hyp vm handle with the config_lock, much like we already do for other forms of VM-scoped data.

Vendor	Product	Versions
Linux	Linux	affected `6211753fdfd05af9e08f54c8d0ba3ee516034878 - < 3d16cebf01127f459dcfeb79ed77bd68b124c228` affected `6211753fdfd05af9e08f54c8d0ba3ee516034878 - < 3ab1c40a1e915e350d9181a4603af393141970cc` affected `6211753fdfd05af9e08f54c8d0ba3ee516034878 - < 10c02aad111df02088d1a81792a709f6a7eca6cc`
Linux	Linux	affected `3.11` unaffected `0 - < 3.11` unaffected `6.6.18 - <= 6.6.` unaffected `6.7.6 - <= 6.7.` unaffected `6.8 - <= *`

References

https://git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228

https://git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc

https://git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-26691

Description

Affected Products

References