| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022634-CVE-2022-49304-db99@gregkh>
Date: Wed, 26 Feb 2025 03:09:38 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49304: drivers: tty: serial: Fix deadlock in sa1100_set_termios()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
There is a deadlock in sa1100_set_termios(), which is shown
below:
(Thread 1) | (Thread 2)
| sa1100_enable_ms()
sa1100_set_termios() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | sa1100_timeout()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold sport->port.lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need sport->port.lock in position (2) of thread 2. As a result,
sa1100_set_termios() will block forever.
This patch moves del_timer_sync() before spin_lock_irqsave()
in order to prevent the deadlock.
The Linux kernel CVE team has assigned CVE-2022-49304 to this issue.
Affected and fixed versions
===========================
Fixed in 4.9.318 with commit 0976808d0d171ec837d4bd3e9f4ad4a00ab703b8
Fixed in 4.14.283 with commit 85e20f8bd31a46d8c60103d0274a8ebe8f47f2b2
Fixed in 4.19.247 with commit 920f0ae7a129ffee98a106e3bbdfd61a2a59e939
Fixed in 5.4.198 with commit 09a5958a2452ad22d0cb638711ef34ea1863a829
Fixed in 5.10.122 with commit 6e2273eefab54a521d9c59efb6e1114e742bdf41
Fixed in 5.15.47 with commit 2cbfc38df580bff5b2fe19f21c1a7520efcc4b3b
Fixed in 5.17.15 with commit 553213432ef0c295becdc08c0207d2094468f673
Fixed in 5.18.4 with commit 34d91e555e5582cffdbcbb75517bc9217866823e
Fixed in 5.19 with commit 62b2caef400c1738b6d22f636c628d9f85cd4c4c
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-49304
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/tty/serial/sa1100.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/0976808d0d171ec837d4bd3e9f4ad4a00ab703b8
https://git.kernel.org/stable/c/85e20f8bd31a46d8c60103d0274a8ebe8f47f2b2
https://git.kernel.org/stable/c/920f0ae7a129ffee98a106e3bbdfd61a2a59e939
https://git.kernel.org/stable/c/09a5958a2452ad22d0cb638711ef34ea1863a829
https://git.kernel.org/stable/c/6e2273eefab54a521d9c59efb6e1114e742bdf41
https://git.kernel.org/stable/c/2cbfc38df580bff5b2fe19f21c1a7520efcc4b3b
https://git.kernel.org/stable/c/553213432ef0c295becdc08c0207d2094468f673
https://git.kernel.org/stable/c/34d91e555e5582cffdbcbb75517bc9217866823e
https://git.kernel.org/stable/c/62b2caef400c1738b6d22f636c628d9f85cd4c4c
Powered by blists - more mailing lists