admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-467xx/CVE-2024-46704.json
cad-safe-bot 9c199e9877 Auto-Update: 2024-09-19T14:01:10.133728+00:00
2024-09-19 14:04:10 +00:00

109 lines
6.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-46704",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-13T07:15:05.397",
"lastModified": "2024-09-19T13:32:39.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Fix spruious data race in __flush_work()\n\nWhen flushing a work item for cancellation, __flush_work() knows that it\nexclusively owns the work item through its PENDING bit. 134874e2eee9\n(\"workqueue: Allow cancel_work_sync() and disable_work() from atomic\ncontexts on BH work items\") added a read of @work->data to determine whether\nto use busy wait for BH work items that are being canceled. While the read\nis safe when @from_cancel, @work->data was read before testing @from_cancel\nto simplify code structure:\n\n\tdata = *work_data_bits(work);\n\tif (from_cancel &&\n\t !WARN_ON_ONCE(data & WORK_STRUCT_PWQ) && (data & WORK_OFFQ_BH)) {\n\nWhile the read data was never used if !@from_cancel, this could trigger\nKCSAN data race detection spuriously:\n\n ==================================================================\n BUG: KCSAN: data-race in __flush_work / __flush_work\n\n write to 0xffff8881223aa3e8 of 8 bytes by task 3998 on cpu 0:\n instrument_write include/linux/instrumented.h:41 [inline]\n ___set_bit include/asm-generic/bitops/instrumented-non-atomic.h:28 [inline]\n insert_wq_barrier kernel/workqueue.c:3790 [inline]\n start_flush_work kernel/workqueue.c:4142 [inline]\n __flush_work+0x30b/0x570 kernel/workqueue.c:4178\n flush_work kernel/workqueue.c:4229 [inline]\n ...\n\n read to 0xffff8881223aa3e8 of 8 bytes by task 50 on cpu 1:\n __flush_work+0x42a/0x570 kernel/workqueue.c:4188\n flush_work kernel/workqueue.c:4229 [inline]\n flush_delayed_work+0x66/0x70 kernel/workqueue.c:4251\n ...\n\n value changed: 0x0000000000400000 -> 0xffff88810006c00d\n\nReorganize the code so that @from_cancel is tested before @work->data is\naccessed. The only problem is triggering KCSAN detection spuriously. This\nshouldn't need READ_ONCE() or other access qualifiers.\n\nNo functional changes."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: workqueue: Fix spruious data race in __flush_work() Al vaciar un elemento de trabajo para su cancelaci\u00f3n, __flush_work() sabe que posee exclusivamente el elemento de trabajo a trav\u00e9s de su bit PENDING. 134874e2eee9 (\"workqueue: Allow cancel_work_sync() and disable_work() from atomic contexts on BH work items\") agreg\u00f3 una lectura de @work->data para determinar si se debe usar la espera activa para los elementos de trabajo de BH que se est\u00e1n cancelando. Si bien la lectura es segura cuando @from_cancel, @work->data se ley\u00f3 antes de probar @from_cancel para simplificar la estructura del c\u00f3digo: data = *work_data_bits(work); if (from_cancel && !WARN_ON_ONCE(data & WORK_STRUCT_PWQ) && (data & WORK_OFFQ_BH)) { Si bien los datos le\u00eddos nunca se usaron si !@from_cancel, esto podr\u00eda activar la detecci\u00f3n de ejecuci\u00f3n de datos de KCSAN de manera espuria: ====================================================================== ERROR: KCSAN: carrera de datos en __flush_work / __flush_work escribe en 0xffff8881223aa3e8 de 8 bytes por la tarea 3998 en la CPU 0: instrument_write include/linux/instrumented.h:41 [en l\u00ednea] ___set_bit include/asm-generic/bitops/instrumented-non-atomic.h:28 [en l\u00ednea] insert_wq_barrier kernel/workqueue.c:3790 [en l\u00ednea] start_flush_work kernel/workqueue.c:4142 [en l\u00ednea] __flush_work+0x30b/0x570 kernel/workqueue.c:4178 flush_work kernel/workqueue.c:4229 [en l\u00ednea] ... le\u00eddo hasta 0xffff8881223aa3e8 de 8 bytes por la tarea 50 en la CPU 1: __flush_work+0x42a/0x570 kernel/workqueue.c:4188 flush_work kernel/workqueue.c:4229 [en l\u00ednea] flush_delayed_work+0x66/0x70 kernel/workqueue.c:4251 ... valor cambiado: 0x0000000000400000 -> 0xffff88810006c00d Reorganice el c\u00f3digo para que @from_cancel se pruebe antes de acceder a @work->data. El \u00fanico problema es que se activa la detecci\u00f3n de KCSAN de manera espuria. Esto no deber\u00eda necesitar READ_ONCE() ni otros calificadores de acceso. No hay cambios funcionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.10.7",
"matchCriteriaId": "E55C1263-DF43-41EF-8DA8-2BA68DF4FFFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/8bc35475ef1a23b0e224f3242eb11c76cab0ea88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/91d09642127a32fde231face2ff489af70eef316",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink