| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024073026-CVE-2024-42127-c29c@gregkh> Date: Tue, 30 Jul 2024 09:47:45 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-42127: drm/lima: fix shared irq handling on driver remove Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix shared irq handling on driver remove lima uses a shared interrupt, so the interrupt handlers must be prepared to be called at any time. At driver removal time, the clocks are disabled early and the interrupts stay registered until the very end of the remove process due to the devm usage. This is potentially a bug as the interrupts access device registers which assumes clocks are enabled. A crash can be triggered by removing the driver in a kernel with CONFIG_DEBUG_SHIRQ enabled. This patch frees the interrupts at each lima device finishing callback so that the handlers are already unregistered by the time we fully disable clocks. The Linux kernel CVE team has assigned CVE-2024-42127 to this issue. Affected and fixed versions =========================== Fixed in 5.4.280 with commit 0d60c43df59e Fixed in 5.10.222 with commit 25d0d9b83d85 Fixed in 5.15.163 with commit 17fe8b75aaf0 Fixed in 6.1.98 with commit 0a487e977cb8 Fixed in 6.6.39 with commit 04d531b9a187 Fixed in 6.9.9 with commit b5daf9217a50 Fixed in 6.10 with commit a6683c690bbf Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-42127 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/lima/lima_gp.c drivers/gpu/drm/lima/lima_mmu.c drivers/gpu/drm/lima/lima_pp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0d60c43df59ef01c08dc7b0c45495178f9d05a13 https://git.kernel.org/stable/c/25d0d9b83d855cbc5d5aa5ae3cd79d55ea0c84a8 https://git.kernel.org/stable/c/17fe8b75aaf0bb1bdc31368963446b421c22d0af https://git.kernel.org/stable/c/0a487e977cb8897ae4c51ecd34bbaa2b005266c9 https://git.kernel.org/stable/c/04d531b9a1875846d4f89953b469ad463aa7a770 https://git.kernel.org/stable/c/b5daf9217a50636a969bc1965f827878aeb09ffe https://git.kernel.org/stable/c/a6683c690bbfd1f371510cb051e8fa49507f3f5e
Powered by blists - more mailing lists