CVE-2024-26933
Vulnerability from cvelistv5
Published
2024-05-01 05:17
Modified
2024-11-05 09:18
Severity ?
Summary
USB: core: Fix deadlock in port "disable" sysfs attribute
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.581Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:45:52.195176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:52.820Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/core/port.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9dac54f08198",
              "status": "affected",
              "version": "f061f43d7418",
              "versionType": "git"
            },
            {
              "lessThan": "f51849833705",
              "status": "affected",
              "version": "f061f43d7418",
              "versionType": "git"
            },
            {
              "lessThan": "4facc9421117",
              "status": "affected",
              "version": "f061f43d7418",
              "versionType": "git"
            },
            {
              "lessThan": "73d1589b91f2",
              "status": "affected",
              "version": "f061f43d7418",
              "versionType": "git"
            },
            {
              "lessThan": "f4d1960764d8",
              "status": "affected",
              "version": "f061f43d7418",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/core/port.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix deadlock in port \"disable\" sysfs attribute\n\nThe show and store callback routines for the \"disable\" sysfs attribute\nfile in port.c acquire the device lock for the port\u0027s parent hub\ndevice.  This can cause problems if another process has locked the hub\nto remove it or change its configuration:\n\n\tRemoving the hub or changing its configuration requires the\n\thub interface to be removed, which requires the port device\n\tto be removed, and device_del() waits until all outstanding\n\tsysfs attribute callbacks for the ports have returned.  The\n\tlock can\u0027t be released until then.\n\n\tBut the disable_show() or disable_store() routine can\u0027t return\n\tuntil after it has acquired the lock.\n\nThe resulting deadlock can be avoided by calling\nsysfs_break_active_protection().  This will cause the sysfs core not\nto wait for the attribute\u0027s callback routine to return, allowing the\nremoval to proceed.  The disadvantage is that after making this call,\nthere is no guarantee that the hub structure won\u0027t be deallocated at\nany moment.  To prevent this, we have to acquire a reference to it\nfirst by calling hub_get()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:18:27.103Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05"
        },
        {
          "url": "https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95c"
        },
        {
          "url": "https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1"
        }
      ],
      "title": "USB: core: Fix deadlock in port \"disable\" sysfs attribute",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26933",
    "datePublished": "2024-05-01T05:17:23.289Z",
    "dateReserved": "2024-02-19T14:20:24.195Z",
    "dateUpdated": "2024-11-05T09:18:27.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26933\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-01T06:15:07.930\",\"lastModified\":\"2024-05-23T19:12:43.773\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nUSB: core: Fix deadlock in port \\\"disable\\\" sysfs attribute\\n\\nThe show and store callback routines for the \\\"disable\\\" sysfs attribute\\nfile in port.c acquire the device lock for the port\u0027s parent hub\\ndevice.  This can cause problems if another process has locked the hub\\nto remove it or change its configuration:\\n\\n\\tRemoving the hub or changing its configuration requires the\\n\\thub interface to be removed, which requires the port device\\n\\tto be removed, and device_del() waits until all outstanding\\n\\tsysfs attribute callbacks for the ports have returned.  The\\n\\tlock can\u0027t be released until then.\\n\\n\\tBut the disable_show() or disable_store() routine can\u0027t return\\n\\tuntil after it has acquired the lock.\\n\\nThe resulting deadlock can be avoided by calling\\nsysfs_break_active_protection().  This will cause the sysfs core not\\nto wait for the attribute\u0027s callback routine to return, allowing the\\nremoval to proceed.  The disadvantage is that after making this call,\\nthere is no guarantee that the hub structure won\u0027t be deallocated at\\nany moment.  To prevent this, we have to acquire a reference to it\\nfirst by calling hub_get().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: core: corrige el punto muerto en el atributo sysfs \\\"disable\\\" del puerto. Las rutinas de devoluci\u00f3n de llamada para mostrar y almacenar para el archivo del atributo sysfs \\\"disable\\\" en port.c adquieren el bloqueo del dispositivo para el puerto. dispositivo central principal. Esto puede causar problemas si otro proceso ha bloqueado el concentrador para eliminarlo o cambiar su configuraci\u00f3n: Quitar el concentrador o cambiar su configuraci\u00f3n requiere que se elimine la interfaz del concentrador, lo que requiere que se elimine el dispositivo del puerto, y device_del() espera hasta que todo Se han devuelto devoluciones de llamadas de atributos sysfs pendientes para los puertos. El bloqueo no podr\u00e1 desbloquearse hasta entonces. Pero la rutina enable_show() o enable_store() no puede regresar hasta que haya adquirido el bloqueo. El punto muerto resultante se puede evitar llamando a sysfs_break_active_protection(). Esto har\u00e1 que el n\u00facleo de sysfs no espere a que regrese la rutina de devoluci\u00f3n de llamada del atributo, lo que permitir\u00e1 que contin\u00fae la eliminaci\u00f3n. La desventaja es que despu\u00e9s de realizar esta llamada, no hay garant\u00eda de que la estructura del centro no se desasignar\u00e1 en ning\u00fan momento. Para evitar esto, primero debemos adquirir una referencia llamando a hub_get().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.84\",\"matchCriteriaId\":\"247198E8-0497-4DB2-A365-EEEC6A2C8D19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"6.6.24\",\"matchCriteriaId\":\"D15F9C27-5FEC-4D9D-9C75-6CB330C0B299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"6.7.12\",\"matchCriteriaId\":\"0E4663C3-7D71-4DA9-9A13-EC2E448147C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8.0\",\"versionEndExcluding\":\"6.8.3\",\"matchCriteriaId\":\"57497073-82D5-4695-AA8B-363CA1C033BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1E2BC41-356E-412A-9B5D-9B5EFCB4E942\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.