Message-ID: <2024041739-CVE-2024-26876-3948@gregkh>
Date: Wed, 17 Apr 2024 12:28:51 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-26876: drm/bridge: adv7511: fix crash on irq during probe
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: adv7511: fix crash on irq during probe

Moved IRQ registration down to end of adv7511_probe().

If an IRQ already is pending during adv7511_probe
(before adv7511_cec_init) then cec_received_msg_ts
could crash using uninitialized data:

    Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5
    Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP
    Call trace:
     cec_received_msg_ts+0x48/0x990 [cec]
     adv7511_cec_irq_process+0x1cc/0x308 [adv7511]
     adv7511_irq_process+0xd8/0x120 [adv7511]
     adv7511_irq_handler+0x1c/0x30 [adv7511]
     irq_thread_fn+0x30/0xa0
     irq_thread+0x14c/0x238
     kthread+0x190/0x1a8

The Linux kernel CVE team has assigned CVE-2024-26876 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 4.15 with commit 3b1b975003e4 and fixed in 6.7.11 with commit 955c12529306
	Issue introduced in 4.15 with commit 3b1b975003e4 and fixed in 6.8.2 with commit 28a94271bd50
	Issue introduced in 4.15 with commit 3b1b975003e4 and fixed in 6.9-rc1 with commit aeedaee5ef54

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26876
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/bridge/adv7511/adv7511_drv.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c
	https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e
	https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924
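
The probe-ordering problem from the Description, as an added userspace model that is not the adv7511 driver's code or part of the original announcement. All names in it (bridge_dev, probe, register_irq and so on) are hypothetical, and the handler counts a fault where the kernel would oops.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical userspace model; these names are not the kernel's. */
struct cec_adapter { int rx_count; };
struct bridge_dev {
    struct cec_adapter *cec; /* NULL until CEC init has run */
    bool irq_pending;        /* interrupt latched by hardware before probe */
    int faults;              /* handler runs that found no CEC state */
};
enum probe_order { IRQ_FIRST, IRQ_LAST };
static struct cec_adapter adapter_storage;

/* Handler: hands a received CEC message to the adapter. */
static void irq_handler(struct bridge_dev *d)
{
    if (!d->cec) { d->faults++; return; } /* model records the would-be oops */
    d->cec->rx_count++;
}

/* Once the line is requested, an already-latched interrupt fires at once. */
static void register_irq(struct bridge_dev *d)
{
    if (d->irq_pending) { d->irq_pending = false; irq_handler(d); }
}

static void cec_init(struct bridge_dev *d)
{
    adapter_storage.rx_count = 0;
    d->cec = &adapter_storage;
}

/* Runs a modelled probe; returns fault count, stores delivered messages. */
int probe(enum probe_order order, bool pending, int *delivered)
{
    struct bridge_dev d = { .cec = NULL, .irq_pending = pending, .faults = 0 };
    if (order == IRQ_FIRST) { register_irq(&d); cec_init(&d); }
    else                    { cec_init(&d); register_irq(&d); }
    *delivered = d.cec->rx_count;
    return d.faults;
}

int main(void)
{
    int n1, n2, f1 = probe(IRQ_FIRST, true, &n1), f2 = probe(IRQ_LAST, true, &n2);
    printf("irq first: faults=%d delivered=%d\n", f1, n1);
    printf("irq last:  faults=%d delivered=%d\n", f2, n2);
    return 0;
}
```

With no interrupt pending at probe time both orders behave the same, which is why the bug only shows on boards where the chip has already latched an event.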