| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Apr 2024 16:56:05 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-26714: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Description =========== In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive The CO0 BCM needs to be up at all times, otherwise some hardware (like the UFS controller) loses its connection to the rest of the SoC, resulting in a hang of the platform, accompanied by a spectacular logspam. Mark it as keepalive to prevent such cases. The Linux kernel CVE team has assigned CVE-2024-26714 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15 with commit 9c8c6bac1ae8 and fixed in 6.1.79 with commit 6616d3c4f828 Issue introduced in 5.15 with commit 9c8c6bac1ae8 and fixed in 6.6.18 with commit d8e36ff40cf9 Issue introduced in 5.15 with commit 9c8c6bac1ae8 and fixed in 6.7.6 with commit 7a3a70dd08e4 Issue introduced in 5.15 with commit 9c8c6bac1ae8 and fixed in 6.8 with commit 85e985a4f46e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-26714 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/interconnect/qcom/sc8180x.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6616d3c4f8284a7b3ef978c916566bd240cea1c7 https://git.kernel.org/stable/c/d8e36ff40cf9dadb135f3a97341c02c9a7afcc43 https://git.kernel.org/stable/c/7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0 https://git.kernel.org/stable/c/85e985a4f46e462a37f1875cb74ed380e7c0c2e0
Powered by blists - more mailing lists