ID

VAR-202407-1139


CVE

CVE-2024-40980


TITLE

Linux  of  Linux Kernel  resource locking vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-007703

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47 preempt_count: 1, expected: 0 RCU nest depth: 2, expected: 2 5 locks held by rcuc/47/449: #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210 #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130 #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210 #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70 #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290 irq event stamp: 139909 hardirqs last enabled at (139908): [<ffffffffb1df2b33>] _raw_spin_unlock_irqrestore+0x63/0x80 hardirqs last disabled at (139909): [<ffffffffb19bd03d>] trace_drop_common.constprop.0+0x26d/0x290 softirqs last enabled at (139892): [<ffffffffb07a1083>] __local_bh_enable_ip+0x103/0x170 softirqs last disabled at (139898): [<ffffffffb0909b33>] rcu_cpu_kthread+0x93/0x1f0 Preemption disabled at: [<ffffffffb1de786b>] rt_mutex_slowunlock+0xab/0x2e0 CPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7 Hardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022 Call Trace: <TASK> dump_stack_lvl+0x8c/0xd0 dump_stack+0x14/0x20 __might_resched+0x21e/0x2f0 rt_spin_lock+0x5e/0x130 ? trace_drop_common.constprop.0+0xb5/0x290 ? skb_queue_purge_reason.part.0+0x1bf/0x230 trace_drop_common.constprop.0+0xb5/0x290 ? preempt_count_sub+0x1c/0xd0 ? _raw_spin_unlock_irqrestore+0x4a/0x80 ? __pfx_trace_drop_common.constprop.0+0x10/0x10 ? rt_mutex_slowunlock+0x26a/0x2e0 ? skb_queue_purge_reason.part.0+0x1bf/0x230 ? __pfx_rt_mutex_slowunlock+0x10/0x10 ? skb_queue_purge_reason.part.0+0x1bf/0x230 trace_kfree_skb_hit+0x15/0x20 trace_kfree_skb+0xe9/0x150 kfree_skb_reason+0x7b/0x110 skb_queue_purge_reason.part.0+0x1bf/0x230 ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10 ? mark_lock.part.0+0x8a/0x520 ... trace_drop_common() also disables interrupts, but this is a minor issue because we could easily replace it with a local_lock. Replace the spin_lock with raw_spin_lock to avoid sleeping in atomic context. Linux of Linux Kernel contains a resource locking vulnerability.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.7

sources: NVD: CVE-2024-40980 // JVNDB: JVNDB-2024-007703 // CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.279

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.36

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.221

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.9.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.162

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.96

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.4.279

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 6.1.96

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.5 that's all 5.10.221

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.9.7

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.162

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.2 that's all 6.6.36

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007703 // NVD: CVE-2024-40980

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-40980
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-40980
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-19346
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19346
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-40980
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-40980
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007703 // NVD: CVE-2024-40980

PROBLEMTYPE DATA

problemtype:CWE-667

Trust: 1.0

problemtype:improper lock (CWE-667) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007703 // NVD: CVE-2024-40980

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=07ea878684dfb78a9d4f564c39d07e855a9e242e

Trust: 0.8

title:Patch for Multiple vulnerabilities in Siemens SINEC OS third-party componentsurl:https://www.cnvd.org.cn/patchInfo/show/723071

Trust: 0.6

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007703

EXTERNAL IDS

db:NVDid:CVE-2024-40980

Trust: 2.6

db:SIEMENSid:SSA-613116

Trust: 1.6

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:JVNid:JVNVU92169998

Trust: 0.8

db:ICS CERTid:ICSA-25-226-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-007703

Trust: 0.8

db:CNVDid:CNVD-2025-19346

Trust: 0.6

db:CNVDid:CNVD-2025-19350

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007703 // NVD: CVE-2024-40980

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-613116.html

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://git.kernel.org/stable/c/594e47957f3fe034645e6885393ce96c12286334

Trust: 1.0

url:https://git.kernel.org/stable/c/96941f29ebcc1e9cbf570dc903f30374909562f5

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/f1e197a665c2148ebc25fe09c53689e60afea195

Trust: 1.0

url:https://git.kernel.org/stable/c/76ce2f9125244e1708d29c1d3f9d1d50b347bda0

Trust: 1.0

url:https://git.kernel.org/stable/c/b3722fb69468693555f531cddda5c30444726dac

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/07ea878684dfb78a9d4f564c39d07e855a9e242e

Trust: 1.0

url:https://git.kernel.org/stable/c/f251ccef1d864790e5253386e95544420b7cd8f3

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92169998/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-40980

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07

Trust: 0.8

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-007703 // NVD: CVE-2024-40980

SOURCES

db:CNVDid:CNVD-2025-19346
db:CNVDid:CNVD-2025-19350
db:JVNDBid:JVNDB-2024-007703
db:NVDid:CVE-2024-40980

LAST UPDATE DATE

2026-06-19T22:03:39.812000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19346date:2025-08-22T00:00:00
db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-007703date:2025-09-02T01:05:00
db:NVDid:CVE-2024-40980date:2026-05-12T12:17:01.577

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19346date:2025-08-12T00:00:00
db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-007703date:2024-09-10T00:00:00
db:NVDid:CVE-2024-40980date:2024-07-12T13:15:19.550