| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024072908-CVE-2024-41068-ed71@gregkh>
Date: Mon, 29 Jul 2024 16:58:14 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
s390/sclp: Fix sclp_init() cleanup on failure
If sclp_init() fails it only partially cleans up: if there are multiple
failing calls to sclp_init() sclp_state_change_event will be added several
times to sclp_reg_list, which results in the following warning:
------------[ cut here ]------------
list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.
WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3
Krnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)
R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
...
Call Trace:
[<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8
([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8)
[<000003ffe0a8d37e>] sclp_init+0x40e/0x450
[<000003ffe00009f2>] do_one_initcall+0x42/0x1e0
[<000003ffe15b77a6>] do_initcalls+0x126/0x150
[<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8
[<000003ffe0d6650e>] kernel_init+0x2e/0x180
[<000003ffe000301c>] __ret_from_fork+0x3c/0x60
[<000003ffe0d759ca>] ret_from_fork+0xa/0x30
Fix this by removing sclp_state_change_event from sclp_reg_list when
sclp_init() fails.
The Linux kernel CVE team has assigned CVE-2024-41068 to this issue.
Affected and fixed versions
===========================
Fixed in 4.19.319 with commit a778987afc36
Fixed in 5.4.281 with commit 455a6653d870
Fixed in 5.10.223 with commit 2e51db7ab71b
Fixed in 5.15.164 with commit cf521049fcd0
Fixed in 6.1.101 with commit 79b4be70d5a1
Fixed in 6.6.42 with commit 0a31b3fdc7e7
Fixed in 6.9.11 with commit be0259796d0b
Fixed in 6.10 with commit 6434b33faaa0
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-41068
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/s390/char/sclp.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83
https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090
https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a
https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6
https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3
https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808
https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c
https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982
Powered by blists - more mailing lists