| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025011122-CVE-2024-50051-d822@gregkh> Date: Sat, 11 Jan 2025 13:25:29 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-50051: spi: mpc52xx: Add cancel_work_sync before module remove Description =========== In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove. The Linux kernel CVE team has assigned CVE-2024-50051 to this issue. Affected and fixed versions =========================== Issue introduced in 3.1 with commit ca632f556697d45d67ed5cada7cedf3ddfe0db4b and fixed in 5.4.287 with commit d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1 Issue introduced in 3.1 with commit ca632f556697d45d67ed5cada7cedf3ddfe0db4b and fixed in 5.10.231 with commit e0c6ce8424095c2da32a063d3fc027494c689817 Issue introduced in 3.1 with commit ca632f556697d45d67ed5cada7cedf3ddfe0db4b and fixed in 5.15.174 with commit cd5106c77d6d6828aa82449f01f4eb436d602a21 Issue introduced in 3.1 with commit ca632f556697d45d67ed5cada7cedf3ddfe0db4b and fixed in 6.1.120 with commit 373d55a47dc662e5e30d12ad5d334312f757c1f1 Issue introduced in 3.1 with commit ca632f556697d45d67ed5cada7cedf3ddfe0db4b and fixed in 6.6.66 with commit f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59 Issue introduced in 3.1 with commit ca632f556697d45d67ed5cada7cedf3ddfe0db4b and fixed in 6.12.5 with commit 90b72189de2cddacb26250579da0510b29a8b82b Issue introduced in 3.1 with commit ca632f556697d45d67ed5cada7cedf3ddfe0db4b and fixed in 6.13-rc2 with commit 984836621aad98802d92c4a3047114cf518074c8 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-50051 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/spi/spi-mpc52xx.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1 https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817 https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21 https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1 https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59 https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8
Powered by blists - more mailing lists