| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122923-CVE-2024-56722-5594@gregkh> Date: Sun, 29 Dec 2024 12:29:23 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56722: RDMA/hns: Fix cpu stuck caused by printings during reset Description =========== In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots of printings, and it may lead to a cpu stuck. Delete some unnecessary printings and replace other printing functions in these paths with the ratelimited version. The Linux kernel CVE team has assigned CVE-2024-56722 to this issue. Affected and fixed versions =========================== Issue introduced in 4.9 with commit 9a4435375cd151e07c0c38fa601b00115986091b and fixed in 6.1.120 with commit 31c6fe9b79ed42440094f2367897aea0c0ce96ec Issue introduced in 4.9 with commit 9a4435375cd151e07c0c38fa601b00115986091b and fixed in 6.6.64 with commit b4ba31e5aaffbda9b22d9a35c40b16dc39e475a6 Issue introduced in 4.9 with commit 9a4435375cd151e07c0c38fa601b00115986091b and fixed in 6.11.11 with commit a0e4c78770faa0d56d47391476fe1d827e72eded Issue introduced in 4.9 with commit 9a4435375cd151e07c0c38fa601b00115986091b and fixed in 6.12.2 with commit e2e64f9c42c717beb459ab209ec1c4baa73d3760 Issue introduced in 4.9 with commit 9a4435375cd151e07c0c38fa601b00115986091b and fixed in 6.13-rc1 with commit 323275ac2ff15b2b7b3eac391ae5d8c5a3c3a999 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56722 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/hw/hns/hns_roce_cq.c drivers/infiniband/hw/hns/hns_roce_hem.c drivers/infiniband/hw/hns/hns_roce_hw_v2.c drivers/infiniband/hw/hns/hns_roce_mr.c drivers/infiniband/hw/hns/hns_roce_srq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/31c6fe9b79ed42440094f2367897aea0c0ce96ec https://git.kernel.org/stable/c/b4ba31e5aaffbda9b22d9a35c40b16dc39e475a6 https://git.kernel.org/stable/c/a0e4c78770faa0d56d47391476fe1d827e72eded https://git.kernel.org/stable/c/e2e64f9c42c717beb459ab209ec1c4baa73d3760 https://git.kernel.org/stable/c/323275ac2ff15b2b7b3eac391ae5d8c5a3c3a999
Powered by blists - more mailing lists