| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024062119-CVE-2024-38780-d90f@gregkh>
Date: Fri, 21 Jun 2024 13:15:19 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-38780: dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from
known context") by error replaced spin_unlock_irqrestore() with
spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite
sync_print_obj() is called from sync_debugfs_show(), lockdep complains
inconsistent lock state warning.
Use plain spin_{lock,unlock}() for sync_print_obj(), for
sync_debugfs_show() is already using spin_{lock,unlock}_irq().
The Linux kernel CVE team has assigned CVE-2024-38780 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.14 with commit a6aa8fca4d79 and fixed in 4.19.316 with commit 1ff116f68560
Issue introduced in 4.14 with commit a6aa8fca4d79 and fixed in 5.4.278 with commit 165b25e3ee93
Issue introduced in 4.14 with commit a6aa8fca4d79 and fixed in 5.10.219 with commit ae6fc4e6a332
Issue introduced in 4.14 with commit a6aa8fca4d79 and fixed in 5.15.161 with commit 9d75fab2c14a
Issue introduced in 4.14 with commit a6aa8fca4d79 and fixed in 6.1.93 with commit 242b30466879
Issue introduced in 4.14 with commit a6aa8fca4d79 and fixed in 6.6.33 with commit a4ee78244445
Issue introduced in 4.14 with commit a6aa8fca4d79 and fixed in 6.9.4 with commit 8a283cdfc8be
Issue introduced in 4.14 with commit a6aa8fca4d79 and fixed in 6.10-rc2 with commit b79491896151
Issue introduced in 4.9.68 with commit f14ad42b8743
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-38780
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/dma-buf/sync_debug.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a
https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed
https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8
https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878
https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a
https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef
https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e
https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39
Powered by blists - more mailing lists