Описание
In the Linux kernel, the following vulnerability has been resolved:
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
Modifying a MCA bank's MCA_CTL bits which control which error types to be reported is done over
/sys/devices/system/machinecheck/ ├── machinecheck0 │ ├── bank0 │ ├── bank1 │ ├── bank10 │ ├── bank11 ...
sysfs nodes by writing the new bit mask of events to enable.
When the write is accepted, the kernel deletes all current timers and reinits all banks.
Doing that in parallel can lead to initializing a timer which is already armed and in the timer wheel, i.e., in use already:
ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642 WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514
Fix that by grabbing the sysfs mutex as the rest of th...
In the Linux kernel, the following vulnerability has been resolved:
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
Modifying a MCA bank's MCA_CTL bits which control which error types to be reported is done over
/sys/devices/system/machinecheck/ ├── machinecheck0 │ ├── bank0 │ ├── bank1 │ ├── bank10 │ ├── bank11 ...
sysfs nodes by writing the new bit mask of events to enable.
When the write is accepted, the kernel deletes all current timers and reinits all banks.
Doing that in parallel can lead to initializing a timer which is already armed and in the timer wheel, i.e., in use already:
ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642 WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514
Fix that by grabbing the sysfs mutex as the rest of the MCA sysfs code does.
Reported by: Yue Sun samsun1006219@gmail.com Reported by: xingwei lee xrivendell7@gmail.com
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-35876
- https://git.kernel.org/stable/c/20a915154ccb88da08986ab6c9fc4c1cf6259de2
- https://git.kernel.org/stable/c/32223b0b60d53f49567fc501f91ca076ae96be6b
- https://git.kernel.org/stable/c/3ddf944b32f88741c303f0b21459dbb3872b8bc5
- https://git.kernel.org/stable/c/5a02df3e92470efd589712925b5c722e730276a0
- https://git.kernel.org/stable/c/976b1b2680fb4c01aaf05a0623288d87619a6c93
- https://git.kernel.org/stable/c/f5e65b782f3e07324b9a8fa3cdaee422f057c758
- https://git.kernel.org/stable/c/f860595512ff5c05a29fa4d64169c3fd1186b8cf
CVE ID
Связанные уязвимости
[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() The Linux kernel CVE team has assigned CVE-2024-35876 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051943-CVE-2024-35876-d9b5@gregkh/T
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
