CVE-2024-26902
Vulnerability from cvelistv5
Published
2024-04-17 10:27
Modified
2024-11-05 09:17
Severity ?
Summary
perf: RISCV: Fix panic on pmu overflow handler
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ede8e94de6b834b48b0643385e66363e7a04be9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f599ba3b9cc4bdb8ec1e3f0feddd41bf9d296d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/34b567868777e9fd39ec5333969728a7f0cf179c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26902",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:48:03.217895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:22.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/perf/riscv_pmu_sbi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3ede8e94de6b",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "9f599ba3b9cc",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "34b567868777",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/perf/riscv_pmu_sbi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISCV: Fix panic on pmu overflow handler\n\n(1 \u003c\u003c idx) of int is not desired when setting bits in unsigned long\noverflowed_ctrs, use BIT() instead. This panic happens when running\n\u0027perf record -e branches\u0027 on sophgo sg2042.\n\n[  273.311852] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098\n[  273.320851] Oops [#1]\n[  273.323179] Modules linked in:\n[  273.326303] CPU: 0 PID: 1475 Comm: perf Not tainted 6.6.0-rc3+ #9\n[  273.332521] Hardware name: Sophgo Mango (DT)\n[  273.336878] epc : riscv_pmu_ctr_get_width_mask+0x8/0x62\n[  273.342291]  ra : pmu_sbi_ovf_handler+0x2e0/0x34e\n[  273.347091] epc : ffffffff80aecd98 ra : ffffffff80aee056 sp : fffffff6e36928b0\n[  273.354454]  gp : ffffffff821f82d0 tp : ffffffd90c353200 t0 : 0000002ade4f9978\n[  273.361815]  t1 : 0000000000504d55 t2 : ffffffff8016cd8c s0 : fffffff6e3692a70\n[  273.369180]  s1 : 0000000000000020 a0 : 0000000000000000 a1 : 00001a8e81800000\n[  273.376540]  a2 : 0000003c00070198 a3 : 0000003c00db75a4 a4 : 0000000000000015\n[  273.383901]  a5 : ffffffd7ff8804b0 a6 : 0000000000000015 a7 : 000000000000002a\n[  273.391327]  s2 : 000000000000ffff s3 : 0000000000000000 s4 : ffffffd7ff8803b0\n[  273.398773]  s5 : 0000000000504d55 s6 : ffffffd905069800 s7 : ffffffff821fe210\n[  273.406139]  s8 : 000000007fffffff s9 : ffffffd7ff8803b0 s10: ffffffd903f29098\n[  273.413660]  s11: 0000000080000000 t3 : 0000000000000003 t4 : ffffffff8017a0ca\n[  273.421022]  t5 : ffffffff8023cfc2 t6 : ffffffd9040780e8\n[  273.426437] status: 0000000200000100 badaddr: 0000000000000098 cause: 000000000000000d\n[  273.434512] [\u003cffffffff80aecd98\u003e] riscv_pmu_ctr_get_width_mask+0x8/0x62\n[  273.441169] [\u003cffffffff80076bd8\u003e] handle_percpu_devid_irq+0x98/0x1ee\n[  273.447562] [\u003cffffffff80071158\u003e] generic_handle_domain_irq+0x28/0x36\n[  273.454151] [\u003cffffffff8047a99a\u003e] riscv_intc_irq+0x36/0x4e\n[  273.459659] [\u003cffffffff80c944de\u003e] handle_riscv_irq+0x4a/0x74\n[  273.465442] [\u003cffffffff80c94c48\u003e] do_irq+0x62/0x92\n[  273.470360] Code: 0420 60a2 6402 5529 0141 8082 0013 0000 0013 0000 (6d5c) b783\n[  273.477921] ---[ end trace 0000000000000000 ]---\n[  273.482630] Kernel panic - not syncing: Fatal exception in interrupt"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:17:55.320Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3ede8e94de6b834b48b0643385e66363e7a04be9"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f599ba3b9cc4bdb8ec1e3f0feddd41bf9d296d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/34b567868777e9fd39ec5333969728a7f0cf179c"
        }
      ],
      "title": "perf: RISCV: Fix panic on pmu overflow handler",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26902",
    "datePublished": "2024-04-17T10:27:51.042Z",
    "dateReserved": "2024-02-19T14:20:24.187Z",
    "dateUpdated": "2024-11-05T09:17:55.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26902\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-17T11:15:11.013\",\"lastModified\":\"2024-04-29T19:40:05.897\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nperf: RISCV: Fix panic on pmu overflow handler\\n\\n(1 \u003c\u003c idx) of int is not desired when setting bits in unsigned long\\noverflowed_ctrs, use BIT() instead. This panic happens when running\\n\u0027perf record -e branches\u0027 on sophgo sg2042.\\n\\n[  273.311852] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098\\n[  273.320851] Oops [#1]\\n[  273.323179] Modules linked in:\\n[  273.326303] CPU: 0 PID: 1475 Comm: perf Not tainted 6.6.0-rc3+ #9\\n[  273.332521] Hardware name: Sophgo Mango (DT)\\n[  273.336878] epc : riscv_pmu_ctr_get_width_mask+0x8/0x62\\n[  273.342291]  ra : pmu_sbi_ovf_handler+0x2e0/0x34e\\n[  273.347091] epc : ffffffff80aecd98 ra : ffffffff80aee056 sp : fffffff6e36928b0\\n[  273.354454]  gp : ffffffff821f82d0 tp : ffffffd90c353200 t0 : 0000002ade4f9978\\n[  273.361815]  t1 : 0000000000504d55 t2 : ffffffff8016cd8c s0 : fffffff6e3692a70\\n[  273.369180]  s1 : 0000000000000020 a0 : 0000000000000000 a1 : 00001a8e81800000\\n[  273.376540]  a2 : 0000003c00070198 a3 : 0000003c00db75a4 a4 : 0000000000000015\\n[  273.383901]  a5 : ffffffd7ff8804b0 a6 : 0000000000000015 a7 : 000000000000002a\\n[  273.391327]  s2 : 000000000000ffff s3 : 0000000000000000 s4 : ffffffd7ff8803b0\\n[  273.398773]  s5 : 0000000000504d55 s6 : ffffffd905069800 s7 : ffffffff821fe210\\n[  273.406139]  s8 : 000000007fffffff s9 : ffffffd7ff8803b0 s10: ffffffd903f29098\\n[  273.413660]  s11: 0000000080000000 t3 : 0000000000000003 t4 : ffffffff8017a0ca\\n[  273.421022]  t5 : ffffffff8023cfc2 t6 : ffffffd9040780e8\\n[  273.426437] status: 0000000200000100 badaddr: 0000000000000098 cause: 000000000000000d\\n[  273.434512] [\u003cffffffff80aecd98\u003e] riscv_pmu_ctr_get_width_mask+0x8/0x62\\n[  273.441169] [\u003cffffffff80076bd8\u003e] handle_percpu_devid_irq+0x98/0x1ee\\n[  273.447562] [\u003cffffffff80071158\u003e] generic_handle_domain_irq+0x28/0x36\\n[  273.454151] [\u003cffffffff8047a99a\u003e] riscv_intc_irq+0x36/0x4e\\n[  273.459659] [\u003cffffffff80c944de\u003e] handle_riscv_irq+0x4a/0x74\\n[  273.465442] [\u003cffffffff80c94c48\u003e] do_irq+0x62/0x92\\n[  273.470360] Code: 0420 60a2 6402 5529 0141 8082 0013 0000 0013 0000 (6d5c) b783\\n[  273.477921] ---[ end trace 0000000000000000 ]---\\n[  273.482630] Kernel panic - not syncing: Fatal exception in interrupt\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: perf: RISCV: no se desea corregir el p\u00e1nico en el controlador de desbordamiento de pmu (1 \u0026lt;\u0026lt; idx) de int al configurar bits en overflowed_ctrs largos sin firmar; use BIT() en su lugar. Este p\u00e1nico ocurre cuando se ejecuta \u0027perf record -e sucursales\u0027 en sophgo sg2042. [273.311852] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000098 [273.320851] Ups [#1] [273.323179] M\u00f3dulos vinculados en: [273.326303] CPU: 0 PID: 1475 Comm: perf No contaminado 6.6.0- rc3+#9 [ 273.332521] Nombre de hardware: Sophgo Mango (DT) [ 273.336878] epc : riscv_pmu_ctr_get_width_mask+0x8/0x62 [ 273.342291] ra : pmu_sbi_ovf_handler+0x2e0/0x34e [ 273.347091] epc : ffff80aecd98 ra: ffffffff80aee056 sp: ffffff6e36928b0 [273.354454] gp: ffffffff821f82d0 tp : ffffffd90c353200 T0: 0000002ade4f9978 [273.361815] T1: 000000000000504D55 T2: FFFFFFFF8016CD8C S0: FFFFFFF66E3692A70 [273.369180] 1A8E81800000 [273.376540] A2: 0000003C00070198 A3: 0000003C00DB75A4 A4: 000000000000000015 [273.383901] A5: FFFFFFD7FF8804B0 A6: 0000000000000015 a7: 000000000000002a [273.391327] s2: 000000000000ffff s3: 0000000000000000 s4: ffffffd7ff8803b0 [273.398773] s5: 0000000000504d55 s6: ffffffd905069800 s7: ffffffff821fe210 [273.406139] s8: 000000007ffffff s9: ffffffd7ff8803b0 s10: ffffffd903f29098 [273.413660] s11: 00080000000 t3: 0000000000000003 t4: ffffffff8017a0ca [273.421022] t5: ffffffff8023cfc2 t6: ffffffd9040780e8 [273.426437] estado: 0000000200000100 badaddr: 0000000000000098 causa: 00000d [ 273.434512] [] riscv_pmu_ctr_get_width_mask+0x8/0x62 [ 273.441169] [] handle_percpu_devid_irq+0x98/0x1ee [ 273.447562 ] [] generic_handle_domain_irq+0x28/0x36 [ 273.454151] [] riscv_intc_irq+0x36/0x4e [ 273.459659] [] 0x4a/0x74 [ 273.465442] [] do_irq+0x62/0x92 [ 273.470360] C\u00f3digo: 0420 60a2 6402 5529 0141 8082 0013 0000 0013 0000 (6d5c) b783 [ 273.477921] ---[ final de seguimiento 0000000000000000 ]--- 273.482 630] P\u00e1nico del kernel: no se sincroniza: excepci\u00f3n fatal en la interrupci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.6.23\",\"matchCriteriaId\":\"A48FA276-450A-4D05-B2B2-E15741A34A25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.7.11\",\"matchCriteriaId\":\"9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/34b567868777e9fd39ec5333969728a7f0cf179c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3ede8e94de6b834b48b0643385e66363e7a04be9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9f599ba3b9cc4bdb8ec1e3f0feddd41bf9d296d6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.