| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024091853-CVE-2024-46791-af66@gregkh>
Date: Wed, 18 Sep 2024 09:17:26 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-46791: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
The mcp251x_hw_wake() function is called with the mpc_lock mutex held and
disables the interrupt handler so that no interrupts can be processed while
waking the device. If an interrupt has already occurred then waiting for
the interrupt handler to complete will deadlock because it will be trying
to acquire the same mutex.
CPU0 CPU1
---- ----
mcp251x_open()
mutex_lock(&priv->mcp_lock)
request_threaded_irq()
<interrupt>
mcp251x_can_ist()
mutex_lock(&priv->mcp_lock)
mcp251x_hw_wake()
disable_irq() <-- deadlock
Use disable_irq_nosync() instead because the interrupt handler does
everything while holding the mutex so it doesn't matter if it's still
running.
The Linux kernel CVE team has assigned CVE-2024-46791 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.5 with commit 8ce8c0abcba3 and fixed in 5.10.226 with commit 3a49b6b1caf5
Issue introduced in 5.5 with commit 8ce8c0abcba3 and fixed in 5.15.167 with commit 513c8fc189b5
Issue introduced in 5.5 with commit 8ce8c0abcba3 and fixed in 6.1.110 with commit f7ab9e14b23a
Issue introduced in 5.5 with commit 8ce8c0abcba3 and fixed in 6.6.51 with commit 8fecde9c3f9a
Issue introduced in 5.5 with commit 8ce8c0abcba3 and fixed in 6.10.10 with commit e554113a1cd2
Issue introduced in 5.5 with commit 8ce8c0abcba3 and fixed in 6.11 with commit 7dd9c26bd6cf
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-46791
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/can/spi/mcp251x.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0
https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e
https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646
https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7
https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188
https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29
Powered by blists - more mailing lists