cve/2024/CVE-2024-44951.md
2025-09-29 16:08:36 +00:00


### [CVE-2024-44951](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44951)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4409df5866b7%3C%2009cfe05e9907%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
In the Linux kernel, the following vulnerability has been resolved:

serial: sc16is7xx: fix TX fifo corruption

Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on channel A is transmitted on channel B. In other words, the Tx buffer data on channel B is corrupted with data from channel A.

The problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change EFR lock to operate on each channels"), which changed the EFR locking to operate on each channel instead of chip-wise.

This commit has introduced a regression, because the EFR lock is used not only to protect the EFR registers access, but also, in a very obscure and undocumented way, to protect access to the data buffer, which is shared by the Tx and Rx handlers, but also by each channel of the IC.

Fix this regression first by switching to kfifo_out_linear_ptr() in sc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.

Secondly, replace the chip-wise Rx buffer with a separate Rx buffer for each channel.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/bygregonline/devsec-fastapi-report