admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-359xx/CVE-2024-35968.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

37 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-35968",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:11.713",
"lastModified": "2024-11-21T09:21:19.147",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npds_core: Fix pdsc_check_pci_health function to use work thread\n\nWhen the driver notices fw_status == 0xff it tries to perform a PCI\nreset on itself via pci_reset_function() in the context of the driver's\nhealth thread. However, pdsc_reset_prepare calls\npdsc_stop_health_thread(), which attempts to stop/flush the health\nthread. This results in a deadlock because the stop/flush will never\ncomplete since the driver called pci_reset_function() from the health\nthread context. Fix by changing the pdsc_check_pci_health_function()\nto queue a newly introduced pdsc_pci_reset_thread() on the pdsc's\nwork queue.\n\nUnloading the driver in the fw_down/dead state uncovered another issue,\nwhich can be seen in the following trace:\n\nWARNING: CPU: 51 PID: 6914 at kernel/workqueue.c:1450 __queue_work+0x358/0x440\n[...]\nRIP: 0010:__queue_work+0x358/0x440\n[...]\nCall Trace:\n <TASK>\n ? __warn+0x85/0x140\n ? __queue_work+0x358/0x440\n ? report_bug+0xfc/0x1e0\n ? handle_bug+0x3f/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __queue_work+0x358/0x440\n queue_work_on+0x28/0x30\n pdsc_devcmd_locked+0x96/0xe0 [pds_core]\n pdsc_devcmd_reset+0x71/0xb0 [pds_core]\n pdsc_teardown+0x51/0xe0 [pds_core]\n pdsc_remove+0x106/0x200 [pds_core]\n pci_device_remove+0x37/0xc0\n device_release_driver_internal+0xae/0x140\n driver_detach+0x48/0x90\n bus_remove_driver+0x6d/0xf0\n pci_unregister_driver+0x2e/0xa0\n pdsc_cleanup_module+0x10/0x780 [pds_core]\n __x64_sys_delete_module+0x142/0x2b0\n ? syscall_trace_enter.isra.18+0x126/0x1a0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7fbd9d03a14b\n[...]\n\nFix this by preventing the devcmd reset if the FW is not running."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pds_core: corrige la funci\u00f3n pdsc_check_pci_health para usar el subproceso de trabajo. Cuando el controlador nota fw_status == 0xff, intenta realizar un restablecimiento de PCI sobre s\u00ed mismo a trav\u00e9s de pci_reset_function() en el contexto del subproceso de estado del controlador. . Sin embargo, pdsc_reset_prepare llama a pdsc_stop_health_thread(), que intenta detener/vaciar el hilo de salud. Esto da como resultado un punto muerto porque la parada/vaciado nunca se completar\u00e1 ya que el controlador llam\u00f3 a pci_reset_function() desde el contexto del hilo de salud. Para solucionarlo, cambie pdsc_check_pci_health_function() para poner en cola un pdsc_pci_reset_thread() reci\u00e9n introducido en la cola de trabajo del pdsc. La descarga del controlador en el estado fw_down/dead descubri\u00f3 otro problema, que se puede ver en el siguiente seguimiento: ADVERTENCIA: CPU: 51 PID: 6914 en kernel/workqueue.c:1450 __queue_work+0x358/0x440 [...] RIP: 0010:__queue_work+0x358/0x440 [...] Seguimiento de llamadas: ? __warn+0x85/0x140 ? __queue_work+0x358/0x440? report_bug+0xfc/0x1e0? handle_bug+0x3f/0x70? exc_invalid_op+0x17/0x70? asm_exc_invalid_op+0x1a/0x20? __queue_work+0x358/0x440 queue_work_on+0x28/0x30 pdsc_devcmd_locked+0x96/0xe0 [pds_core] pdsc_devcmd_reset+0x71/0xb0 [pds_core] pdsc_teardown+0x51/0xe0 [pds_core] pdsc_remove+0x106/0x200 [pds_core] pci_device_remove+0x37/0xc0 device_release_driver_internal+0xae /0x140 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xa0 pdsc_cleanup_module+0x10/0x780 [pds_core] __x64_sys_delete_module+0x142/0x2b0 ? syscall_trace_enter.isra.18+0x126/0x1a0 do_syscall_64+0x3b/0x90 Entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fbd9d03a14b [...] Solucione este problema evitando que devcmd se reinicie si el FW no se est\u00e1 ejecutando."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/38407914d48273d7f8ab765b9243658afe1c3ab6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/81665adf25d28a00a986533f1d3a5df76b79cad9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/38407914d48273d7f8ab765b9243658afe1c3ab6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/81665adf25d28a00a986533f1d3a5df76b79cad9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink