| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Feb 2024 23:38:04 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47067: soc/tegra: regulators: Fix locking up when voltage-spread is out of range Description =========== In the Linux kernel, the following vulnerability has been resolved: soc/tegra: regulators: Fix locking up when voltage-spread is out of range Fix voltage coupler lockup which happens when voltage-spread is out of range due to a bug in the code. The max-spread requirement shall be accounted when CPU regulator doesn't have consumers. This problem is observed on Tegra30 Ouya game console once system-wide DVFS is enabled in a device-tree. The Linux kernel CVE team has assigned CVE-2021-47067 to this issue. Affected and fixed versions =========================== Issue introduced in 5.5 with commit 783807436f36 and fixed in 5.10.37 with commit a1ad124c8368 Issue introduced in 5.5 with commit 783807436f36 and fixed in 5.11.21 with commit dc4452867200 Issue introduced in 5.5 with commit 783807436f36 and fixed in 5.12.4 with commit ff39adf5d31c Issue introduced in 5.5 with commit 783807436f36 and fixed in 5.13 with commit ef85bb582c41 Please see https://www.kernel.org or a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47067 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/soc/tegra/regulators-tegra30.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a1ad124c836816fac8bd5e461d36eaf33cee4e24 https://git.kernel.org/stable/c/dc4452867200fa94589b382740952b58aa1c3e6c https://git.kernel.org/stable/c/ff39adf5d31c72025bba799aec69c5c86d81d549 https://git.kernel.org/stable/c/ef85bb582c41524e9e68dfdbde48e519dac4ab3d
Powered by blists - more mailing lists