lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024081732-CVE-2024-43849-fef0@gregkh> Date: Sat, 17 Aug 2024 11:22:53 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-43849: soc: qcom: pdr: protect locator_addr with the main mutex Description =========== In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewrite locator_addr fields concurrently. Protect them by placing modification of those fields under the main pdr->lock. The Linux kernel CVE team has assigned CVE-2024-43849 to this issue. Affected and fixed versions =========================== Issue introduced in 5.7 with commit fbe639b44a82 and fixed in 6.1.103 with commit 475a77fb3f0e Issue introduced in 5.7 with commit fbe639b44a82 and fixed in 6.6.44 with commit 3e815626d73e Issue introduced in 5.7 with commit fbe639b44a82 and fixed in 6.10.3 with commit 8543269567e2 Issue introduced in 5.7 with commit fbe639b44a82 and fixed in 6.11-rc1 with commit 107924c14e3d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-43849 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/soc/qcom/pdr_interface.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80 https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08 https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84
Powered by blists - more mailing lists