| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024062432-CVE-2024-39292-e5c2@gregkh> Date: Mon, 24 Jun 2024 15:52:33 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-39292: um: Add winch to winch_handlers before registering winch IRQ Description =========== In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the winch is added to the winch_handlers list. If that happens, register_winch_irq() adds to that list a winch that is scheduled to be (or has already been) freed, causing a panic later in winch_cleanup(). Avoid the race by adding the winch to the winch_handlers list before registering the IRQ, and rolling back if um_request_irq() fails. The Linux kernel CVE team has assigned CVE-2024-39292 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.23 with commit 42a359e31a0e and fixed in 4.19.316 with commit 66ea9a7c6824 Issue introduced in 2.6.23 with commit 42a359e31a0e and fixed in 5.4.278 with commit dc1ff95602ee Issue introduced in 2.6.23 with commit 42a359e31a0e and fixed in 5.10.219 with commit 351d1a645449 Issue introduced in 2.6.23 with commit 42a359e31a0e and fixed in 5.15.161 with commit 31960d991e43 Issue introduced in 2.6.23 with commit 42a359e31a0e and fixed in 6.1.93 with commit 0c02d425a2fb Issue introduced in 2.6.23 with commit 42a359e31a0e and fixed in 6.6.33 with commit 434a06c38ee1 Issue introduced in 2.6.23 with commit 42a359e31a0e and fixed in 6.9.4 with commit 73b8e21f76c7 Issue introduced in 2.6.23 with commit 42a359e31a0e and fixed in 6.10-rc1 with commit a0fbbd36c156 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-39292 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/um/drivers/line.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/66ea9a7c6824821476914bed21a476cd20094f33 https://git.kernel.org/stable/c/dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0 https://git.kernel.org/stable/c/351d1a64544944b44732f6a64ed65573b00b9e14 https://git.kernel.org/stable/c/31960d991e43c8d6dc07245f19fc13398e90ead2 https://git.kernel.org/stable/c/0c02d425a2fbe52643a5859a779db0329e7dddd4 https://git.kernel.org/stable/c/434a06c38ee1217a8baa0dd7c37cc85d50138fb0 https://git.kernel.org/stable/c/73b8e21f76c7dda4905655d2e2c17dc5a73b87f1 https://git.kernel.org/stable/c/a0fbbd36c156b9f7b2276871d499c9943dfe5101
Powered by blists - more mailing lists