| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024111933-CVE-2024-53070-6eea@gregkh> Date: Tue, 19 Nov 2024 18:22:41 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-53070: usb: dwc3: fix fault at system suspend if device was already runtime suspended Description =========== In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspend we cannot access the device registers else it will crash. Also we cannot access any registers after dwc3_core_exit() on some platforms so move the dwc3_enable_susphy() call to the top. The Linux kernel CVE team has assigned CVE-2024-53070 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15.170 with commit 073530898ebf and fixed in 5.15.172 with commit d9e65d461a9d Issue introduced in 6.1.115 with commit 85ca88f93162 and fixed in 6.1.117 with commit 562804b1561c Issue introduced in 6.6.59 with commit 4fad73700867 and fixed in 6.6.61 with commit 4abc5ee334fe Issue introduced in 6.11.5 with commit a690a9e38e6b and fixed in 6.11.8 with commit 06b98197b69e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-53070 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/dwc3/core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d9e65d461a9de037e7c9d584776d025cfce6d86d https://git.kernel.org/stable/c/562804b1561cc248cc37746a1c96c83cab1d7209 https://git.kernel.org/stable/c/4abc5ee334fe4aba50461c45fdaaa4c5e5c57789 https://git.kernel.org/stable/c/06b98197b69e2f2af9cb1991ee0b1c876edf7b86 https://git.kernel.org/stable/c/9cfb31e4c89d200d8ab7cb1e0bb9e6e8d621ca0b
Powered by blists - more mailing lists