| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122440-CVE-2024-53240-0cf5@gregkh> Date: Tue, 24 Dec 2024 10:22:41 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-53240: xen/netfront: fix crash when removing device Description =========== In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240. The Linux kernel CVE team has assigned CVE-2024-53240 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4.227 with commit ed773dd798bf720756d20021b8d8a4a3d7184bda and fixed in 5.4.288 with commit 20f7f0cf7af5d81b218202ef504223af84b16a8f Issue introduced in 5.10.159 with commit e6860c889f4ad50b6ab696f5ea154295d72cf27a and fixed in 5.10.232 with commit 1d5354a9182b6d302ae10367cbec1ca339d4e4e7 Issue introduced in 5.15.83 with commit e6e897d4fe2f89c0bd94600a40bedf5e6e75e050 and fixed in 5.15.175 with commit 2657ba851fa3381256d81e431b20041dc232fd88 Issue introduced in 6.1 with commit d50b7914fae04d840ce36491d22133070b18cca9 and fixed in 6.1.121 with commit 8b41e6bccf7de93982781be4125211443382e66d Issue introduced in 6.1 with commit d50b7914fae04d840ce36491d22133070b18cca9 and fixed in 6.6.67 with commit fe9a8f5250aed0948b668c8a4e051e3b0fc29f09 Issue introduced in 6.1 with commit d50b7914fae04d840ce36491d22133070b18cca9 and fixed in 6.12.6 with commit 7728e974ffbf14f17648dd92ea640b42b654d47c Issue introduced in 6.1 with commit d50b7914fae04d840ce36491d22133070b18cca9 and fixed in 6.13-rc4 with commit f9244fb55f37356f75c739c57323d9422d7aa0f8 Issue introduced in 4.19.269 with commit 99859947517e446058ad7243ee81d2f9801fa3dd Issue introduced in 6.0.13 with commit f2dd60fd3fe98bd36a91b0c6e10bfe9d66258f84 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-53240 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/xen-netfront.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/20f7f0cf7af5d81b218202ef504223af84b16a8f https://git.kernel.org/stable/c/1d5354a9182b6d302ae10367cbec1ca339d4e4e7 https://git.kernel.org/stable/c/2657ba851fa3381256d81e431b20041dc232fd88 https://git.kernel.org/stable/c/8b41e6bccf7de93982781be4125211443382e66d https://git.kernel.org/stable/c/fe9a8f5250aed0948b668c8a4e051e3b0fc29f09 https://git.kernel.org/stable/c/7728e974ffbf14f17648dd92ea640b42b654d47c https://git.kernel.org/stable/c/f9244fb55f37356f75c739c57323d9422d7aa0f8
Powered by blists - more mailing lists