| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024051943-CVE-2024-35876-d9b5@gregkh> Date: Sun, 19 May 2024 10:34:50 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-35876: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Description =========== In the Linux kernel, the following vulnerability has been resolved: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Modifying a MCA bank's MCA_CTL bits which control which error types to be reported is done over /sys/devices/system/machinecheck/ ├── machinecheck0 │ ├── bank0 │ ├── bank1 │ ├── bank10 │ ├── bank11 ... sysfs nodes by writing the new bit mask of events to enable. When the write is accepted, the kernel deletes all current timers and reinits all banks. Doing that in parallel can lead to initializing a timer which is already armed and in the timer wheel, i.e., in use already: ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642 WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514 Fix that by grabbing the sysfs mutex as the rest of the MCA sysfs code does. Reported by: Yue Sun <samsun1006219@...il.com> Reported by: xingwei lee <xrivendell7@...il.com> The Linux kernel CVE team has assigned CVE-2024-35876 to this issue. Affected and fixed versions =========================== Fixed in 5.4.274 with commit 976b1b2680fb Fixed in 5.10.215 with commit f5e65b782f3e Fixed in 5.15.154 with commit f860595512ff Fixed in 6.1.85 with commit 20a915154ccb Fixed in 6.6.26 with commit 5a02df3e9247 Fixed in 6.8.5 with commit 32223b0b60d5 Fixed in 6.9 with commit 3ddf944b32f8 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-35876 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/x86/kernel/cpu/mce/core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/976b1b2680fb4c01aaf05a0623288d87619a6c93 https://git.kernel.org/stable/c/f5e65b782f3e07324b9a8fa3cdaee422f057c758 https://git.kernel.org/stable/c/f860595512ff5c05a29fa4d64169c3fd1186b8cf https://git.kernel.org/stable/c/20a915154ccb88da08986ab6c9fc4c1cf6259de2 https://git.kernel.org/stable/c/5a02df3e92470efd589712925b5c722e730276a0 https://git.kernel.org/stable/c/32223b0b60d53f49567fc501f91ca076ae96be6b https://git.kernel.org/stable/c/3ddf944b32f88741c303f0b21459dbb3872b8bc5
Powered by blists - more mailing lists