| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024061951-CVE-2024-38553-2e34@gregkh>
Date: Wed, 19 Jun 2024 15:36:02 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlocks
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
net: fec: remove .ndo_poll_controller to avoid deadlocks
There is a deadlock issue found in sungem driver, please refer to the
commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid
deadlocks"). The root cause of the issue is that netpoll is in atomic
context and disable_irq() is called by .ndo_poll_controller interface
of sungem driver, however, disable_irq() might sleep. After analyzing
the implementation of fec_poll_controller(), the fec driver should have
the same issue. Due to the fec driver uses NAPI for TX completions, the
.ndo_poll_controller is unnecessary to be implemented in the fec driver,
so fec_poll_controller() can be safely removed.
The Linux kernel CVE team has assigned CVE-2024-38553 to this issue.
Affected and fixed versions
===========================
Issue introduced in 3.2 with commit 7f5c6addcdc0 and fixed in 6.6.33 with commit d38625f71950
Issue introduced in 3.2 with commit 7f5c6addcdc0 and fixed in 6.8.12 with commit accdd6b912c4
Issue introduced in 3.2 with commit 7f5c6addcdc0 and fixed in 6.9.3 with commit 87bcbc9b7e0b
Issue introduced in 3.2 with commit 7f5c6addcdc0 and fixed in 6.10-rc1 with commit c2e0c58b25a0
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-38553
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/ethernet/freescale/fec_main.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/d38625f71950e79e254515c5fc585552dad4b33e
https://git.kernel.org/stable/c/accdd6b912c4219b8e056d1f1ad2e85bc66ee243
https://git.kernel.org/stable/c/87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f
https://git.kernel.org/stable/c/c2e0c58b25a0a0c37ec643255558c5af4450c9f5
Powered by blists - more mailing lists