
CVE-2024-46692: Vulnerability in Linux Linux

Medium
Published: Fri Sep 13 2024 (09/13/2024, 05:29:21 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: qcom: scm: Mark get_wq_ctx() as atomic call

Currently get_wq_ctx() is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to resume the corresponding sleeping thread. But if get_wq_ctx() is interrupted, goes to sleep and another SMC call is waiting to be allocated a waitq context, it leads to a deadlock. To avoid this get_wq_ctx() must be an atomic call and can't be a standard SMC call. Hence mark get_wq_ctx() as a fast call.

AI-Powered Analysis

Last updated: 06/29/2025, 00:25:17 UTC

Technical Analysis

CVE-2024-46692 is a vulnerability identified in the Linux kernel related to the Qualcomm (qcom) Secure Channel Manager (SCM) firmware interface. The issue arises from the incorrect handling of the get_wq_ctx() function, which is currently implemented as a standard Secure Monitor Call (SMC).

In the vulnerable state, when two SMC calls are in a sleeping state and one SMC call wakes up, it invokes get_wq_ctx() to resume the corresponding sleeping thread. However, if get_wq_ctx() itself is interrupted and goes to sleep, and meanwhile another SMC call is waiting to allocate a wait queue context, this sequence can lead to a deadlock. This deadlock occurs because get_wq_ctx() is not atomic and can be preempted or put to sleep, which is inappropriate for its role in managing wait queue contexts in the SCM.

The fix involves marking get_wq_ctx() as an atomic call by converting it from a standard SMC call to a fast SMC call, ensuring it cannot be interrupted or put to sleep during execution, thus preventing the deadlock condition.

This vulnerability affects Linux kernel versions containing the specified commit hash (6bf32599223634294cdc6efb359ffaab1d68073c), which corresponds to recent kernel versions incorporating Qualcomm SCM firmware support. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability primarily impacts systems running Linux kernels on Qualcomm-based platforms that utilize the SCM interface for secure firmware communication.

Potential Impact

For European organizations, the impact of CVE-2024-46692 depends largely on their deployment of Linux systems running on Qualcomm-based hardware, such as embedded devices, mobile infrastructure, or specialized industrial equipment. The deadlock caused by this vulnerability can lead to system hangs or degraded performance, potentially affecting availability of critical services. In sectors like telecommunications, automotive, industrial control systems, and IoT deployments—where Qualcomm SoCs and Linux are common—this could disrupt operations or cause downtime. Although this vulnerability does not directly lead to privilege escalation or data leakage, the denial-of-service-like deadlock can impact system reliability and availability, which is critical for service continuity. European organizations relying on embedded Linux devices in critical infrastructure or telecommunications could face operational risks if this issue is exploited or triggered inadvertently. The absence of known exploits reduces immediate risk, but the potential for deadlocks in production environments necessitates prompt attention to avoid service interruptions.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize updating their Linux kernel to versions that include the patch marking get_wq_ctx() as a fast (atomic) SMC call. This requires coordination with hardware vendors and Linux distribution maintainers to ensure patched kernel releases are deployed, especially on Qualcomm-based platforms. For embedded and IoT devices, firmware updates incorporating the patched kernel should be applied as soon as available. Organizations should also implement robust monitoring for system hangs or deadlocks related to SCM calls, enabling early detection of symptoms. Where possible, testing updates in staging environments that replicate Qualcomm-based hardware configurations is recommended to validate stability before production rollout. Additionally, organizations should review their device inventories to identify systems running affected kernel versions on Qualcomm hardware to prioritize patching efforts. Since this vulnerability involves low-level kernel and firmware interaction, generic mitigations like disabling features or restricting user access are less effective; the focus must be on applying the kernel patch and firmware updates.
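One way to implement the hang monitoring recommended above, as an added example that is not part of the original advisory or of the kernel project: it scans kernel log text for hung-task detector reports and keeps only those whose call trace passes through the Qualcomm SCM driver. It assumes the kernel's hung-task detector is enabled; the log lines are constructed, and the `SCM_MARKERS` substrings and the name `find_scm_hangs` are assumptions chosen for illustration.

```python
import re

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
HUNG_RE = re.compile(r"INFO: task (.+):(\d+) blocked for more than (\d+) seconds")
FRAME_RE = re.compile(r"^\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Assumption: stack symbols from the SCM driver contain one of these substrings.
SCM_MARKERS = ("qcom_scm", "scm_smc")

# Constructed sample input, not captured from a real device.
SAMPLE_LOG = """\
[  301.120000] INFO: task kworker/u16:3:212 blocked for more than 120 seconds.
[  301.120010] task:kworker/u16:3 state:D stack:0 pid:212 ppid:2
[  301.120015] Call trace:
[  301.120020]  __switch_to+0xc8/0x120
[  301.120025]  schedule+0x58/0x100
[  301.120030]  wait_for_completion+0x9c/0x150
[  301.120035]  qcom_scm_wait_for_wq_completion+0x3c/0x60
[  301.120040]  qcom_scm_call+0x78/0x1a0
[  301.130000] INFO: task jbd2/sda1-8:95 blocked for more than 120 seconds.
[  301.130010] Call trace:
[  301.130020]  __switch_to+0xc8/0x120
[  301.130025]  io_schedule+0x44/0x70
[  301.130030]  jbd2_journal_commit_transaction+0x1b4/0x1a00
""".splitlines()

def find_scm_hangs(lines):
    """Return hung-task reports whose call trace includes SCM driver frames."""
    reports, cur = [], None
    for raw in lines:
        line = TS_RE.sub("", raw.rstrip("\n"))
        m = HUNG_RE.search(line)
        if m:  # header of a new hung-task report
            cur = {"comm": m.group(1), "pid": int(m.group(2)),
                   "secs": int(m.group(3)), "frames": []}
            reports.append(cur)
            continue
        f = FRAME_RE.match(line)
        if cur is not None and f:
            cur["frames"].append(f.group(1))
        elif cur is not None and cur["frames"]:
            cur = None  # first non-frame line after the trace closes the report
    for r in reports:
        r["scm_frames"] = [s for s in r["frames"] if any(k in s for k in SCM_MARKERS)]
    return [r for r in reports if r["scm_frames"]]

if __name__ == "__main__":
    for hit in find_scm_hangs(SAMPLE_LOG):
        print(hit["comm"], hit["pid"], hit["secs"], hit["scm_frames"])
```
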


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-11T15:12:18.249Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9826c4522896dcbe0fca

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/29/2025, 12:25:17 AM

Last updated: 7/30/2025, 3:30:34 PM
