| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024072911-CVE-2024-42095-9b55@gregkh> Date: Mon, 29 Jul 2024 19:40:13 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-42095: serial: 8250_omap: Implementation of Errata i2310 Description =========== In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply Errata i2310 solution. [0] https://www.ti.com/lit/pdf/sprz536 page 23 The Linux kernel CVE team has assigned CVE-2024-42095 to this issue. Affected and fixed versions =========================== Issue introduced in 5.10.50 with commit 9443acbd251f and fixed in 5.10.221 with commit cb8793006698 Issue introduced in 5.14 with commit b67e830d38fa and fixed in 5.15.162 with commit 87257a28271c Issue introduced in 5.14 with commit b67e830d38fa and fixed in 6.1.97 with commit 98840e410d53 Issue introduced in 5.14 with commit b67e830d38fa and fixed in 6.6.37 with commit e67d7f38008e Issue introduced in 5.14 with commit b67e830d38fa and fixed in 6.9.8 with commit 6270051f6560 Issue introduced in 5.14 with commit b67e830d38fa and fixed in 6.10 with commit 9d141c1e6157 Issue introduced in 5.12.17 with commit bf1bcca53c35 Issue introduced in 5.13.2 with commit ed87ec89b7f6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-42095 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/tty/serial/8250/8250_omap.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0 https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826
Powered by blists - more mailing lists