admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-270xx/CVE-2024-27005.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

33 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-27005",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T06:15:18.883",
"lastModified": "2024-05-13T08:15:11.680",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: Don't access req_list while it's being manipulated\n\nThe icc_lock mutex was split into separate icc_lock and icc_bw_lock\nmutexes in [1] to avoid lockdep splats. However, this didn't adequately\nprotect access to icc_node::req_list.\n\nThe icc_set_bw() function will eventually iterate over req_list while\nonly holding icc_bw_lock, but req_list can be modified while only\nholding icc_lock. This causes races between icc_set_bw(), of_icc_get(),\nand icc_put().\n\nExample A:\n\n CPU0 CPU1\n ---- ----\n icc_set_bw(path_a)\n mutex_lock(&icc_bw_lock);\n icc_put(path_b)\n mutex_lock(&icc_lock);\n aggregate_requests()\n hlist_for_each_entry(r, ...\n hlist_del(...\n <r = invalid pointer>\n\nExample B:\n\n CPU0 CPU1\n ---- ----\n icc_set_bw(path_a)\n mutex_lock(&icc_bw_lock);\n path_b = of_icc_get()\n of_icc_get_by_index()\n mutex_lock(&icc_lock);\n path_find()\n path_init()\n aggregate_requests()\n hlist_for_each_entry(r, ...\n hlist_add_head(...\n <r = invalid pointer>\n\nFix this by ensuring icc_bw_lock is always held before manipulating\nicc_node::req_list. The additional places icc_bw_lock is held don't\nperform any memory allocations, so we should still be safe from the\noriginal lockdep splats that motivated the separate locks.\n\n[1] commit af42269c3523 (\"interconnect: Fix locking for runpm vs reclaim\")"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: interconexi\u00f3n: no acceder a req_list mientras se est\u00e1 manipulando. El mutex icc_lock se dividi\u00f3 en mutex icc_lock e icc_bw_lock separados en [1] para evitar s\u00edmbolos de bloqueo. Sin embargo, esto no protegi\u00f3 adecuadamente el acceso a icc_node::req_list. La funci\u00f3n icc_set_bw() eventualmente iterar\u00e1 sobre req_list mientras solo mantiene icc_bw_lock, pero req_list se puede modificar mientras solo mantiene icc_lock. Esto provoca ejecuci\u00f3ns entre icc_set_bw(), of_icc_get() e icc_put(). Ejemplo A: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&amp;icc_bw_lock); icc_put(ruta_b) mutex_lock(&amp;icc_lock); agregado_requests() hlist_for_each_entry(r, ... hlist_del(... Ejemplo B: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&amp;icc_bw_lock); path_b = of_icc_get() of_icc_get_by_index( ) mutex_lock(&amp;icc_lock); path_find() path_init() agregado_requests() hlist_for_each_entry(r, ... hlist_add_head(... Solucione este problema asegur\u00e1ndose de que icc_bw_lock siempre se mantenga antes de manipular icc_node::req_list. El adicional Los lugares donde se mantiene icc_bw_lock no realizan ninguna asignaci\u00f3n de memoria, por lo que a\u00fan deber\u00edamos estar a salvo de los s\u00edmbolos de bloqueo originales que motivaron los bloqueos separados [1] commit af42269c3523 (\"interconexi\u00f3n: arreglar el bloqueo para runpm vs reclaim\")"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink