CVE-2024-26605 - OpenCVE

Vendors	Products
Linux	Linux Kernel

Link	Resource
https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3
https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20	Patch
https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c
https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70	Patch

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26605", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.130Z", "datePublished": "2024-02-24T15:17:13.899Z", "dateUpdated": "2024-05-29T05:19:25.393Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:19:25.393Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n ============================================\n WARNING: possible recursive locking detected\n 6.7.0 #40 Not tainted\n --------------------------------------------\n kworker/u16:5/90 is trying to acquire lock:\n ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n but task is already holding lock:\n ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(pci_bus_sem);\n lock(pci_bus_sem);\n\n *** DEADLOCK ***\n\n Call trace:\n print_deadlock_bug+0x25c/0x348\n __lock_acquire+0x10a4/0x2064\n lock_acquire+0x1e8/0x318\n down_read+0x60/0x184\n pcie_aspm_pm_state_change+0x58/0xdc\n pci_set_full_power_state+0xa8/0x114\n pci_set_power_state+0xc4/0x120\n qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n pci_walk_bus+0x64/0xbc\n qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/bus.c", "drivers/pci/controller/dwc/pcie-qcom.c", "drivers/pci/pci.c", "drivers/pci/pci.h", "drivers/pci/pcie/aspm.c", "include/linux/pci.h"], "versions": [{"version": "b9c370b61d73", "lessThan": "0f7908a016c0", "status": "affected", "versionType": "git"}, {"version": "8cc22ba3f77c", "lessThan": "b0f4478838be", "status": "affected", "versionType": "git"}, {"version": "f93e71aea6c6", "lessThan": "ef90508574d7", "status": "affected", "versionType": "git"}, {"version": "f93e71aea6c6", "lessThan": "1e560864159d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/bus.c", "drivers/pci/controller/dwc/pcie-qcom.c", "drivers/pci/pci.c", "drivers/pci/pci.h", "drivers/pci/pcie/aspm.c", "include/linux/pci.h"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.88", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.29", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.5", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3"}, {"url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c"}, {"url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70"}, {"url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20"}], "title": "PCI/ASPM: Fix deadlock when enabling ASPM", "x_generator": {"engine": "bippy-a5840b7849dd"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B690E0-5DAC-44EC-947A-D6E4EB0475CA", "versionEndExcluding": "6.7.5", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n ============================================\n WARNING: possible recursive locking detected\n 6.7.0 #40 Not tainted\n --------------------------------------------\n kworker/u16:5/90 is trying to acquire lock:\n ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n but task is already holding lock:\n ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(pci_bus_sem);\n lock(pci_bus_sem);\n\n *** DEADLOCK ***\n\n Call trace:\n print_deadlock_bug+0x25c/0x348\n __lock_acquire+0x10a4/0x2064\n lock_acquire+0x1e8/0x318\n down_read+0x60/0x184\n pcie_aspm_pm_state_change+0x58/0xdc\n pci_set_full_power_state+0xa8/0x114\n pci_set_power_state+0xc4/0x120\n qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n pci_walk_bus+0x64/0xbc\n qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: PCI/ASPM: solucion\u00f3 el punto muerto al habilitar ASPM. Una reversi\u00f3n de \u00faltimo minuto en 6.7-final introdujo un posible punto muerto al habilitar ASPM durante la prueba de los controladores PCIe de Qualcomm, seg\u00fan lo informado por lockdep: === ========================================= ADVERTENCIA: posible bloqueo recursivo detectado 6.7.0 #40 No contaminado -------------------------------------------- kworker/ u16:5/90 est\u00e1 intentando adquirir el bloqueo: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, en: pcie_aspm_pm_state_change+0x58/0xdc pero la tarea ya mantiene el bloqueo: ffffacfa78ced000 (pci_bus_sem){+++ +}-{3:3}, en: pci_walk_bus+0x34/0xbc otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 ---- lock(pci_bus_sem); bloquear(pci_bus_sem); *** DEADLOCK *** Rastreo de llamadas: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_ set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom] El punto muerto se puede reproducir f\u00e1cilmente en m\u00e1quinas como la Lenovo ThinkPad X13s agregando un retraso para aumentar la ventana de carrera durante la prueba as\u00edncrona donde otro hilo puede tomar un bloqueo de escritura. Agregue un nuevo pci_set_power_state_locked() y funciones auxiliares asociadas que se pueden llamar con el sem\u00e1foro del bus PCI retenido para evitar tomar el bloqueo de lectura dos veces."}], "id": "CVE-2024-26605", "lastModified": "2024-04-28T12:15:19.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:28:00.207", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

JSON object

JSON object

JSON object