| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025011532-CVE-2024-39282-491b@gregkh> Date: Wed, 15 Jan 2025 14:10:33 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-39282: net: wwan: t7xx: Fix FSM command timeout issue Description =========== In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the asynchronous thread will panic when executing the completion notification because the main thread completion object has been released. BUG: unable to handle page fault for address: fffffffffffffff8 PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:complete_all+0x3e/0xa0 [...] Call Trace: <TASK> ? __die_body+0x68/0xb0 ? page_fault_oops+0x379/0x3e0 ? exc_page_fault+0x69/0xa0 ? asm_exc_page_fault+0x22/0x30 ? complete_all+0x3e/0xa0 fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)] ? __pfx_autoremove_wake_function+0x10/0x10 kthread+0xd8/0x110 ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)] ? __pfx_kthread+0x10/0x10 ret_from_fork+0x38/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> [...] CR2: fffffffffffffff8 ---[ end trace 0000000000000000 ]--- Use the reference counter to ensure safe release as Sergey suggests: https://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/ The Linux kernel CVE team has assigned CVE-2024-39282 to this issue. Affected and fixed versions =========================== Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.1.124 with commit b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5 Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.6.70 with commit 0cd3bde081cd3452c875fa1e5c55834c670d6e05 Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.12.9 with commit e6e6882a1590cbdaca77a31a02f4954327237e14 Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.13-rc6 with commit 4f619d518db9cd1a933c3a095a5f95d0c1584ae8 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-39282 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wwan/t7xx/t7xx_state_monitor.c drivers/net/wwan/t7xx/t7xx_state_monitor.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5 https://git.kernel.org/stable/c/0cd3bde081cd3452c875fa1e5c55834c670d6e05 https://git.kernel.org/stable/c/e6e6882a1590cbdaca77a31a02f4954327237e14 https://git.kernel.org/stable/c/4f619d518db9cd1a933c3a095a5f95d0c1584ae8
Powered by blists - more mailing lists