cve-2024-26842
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2024-09-11 17:33
Severity
Summary
scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()
References
SourceURLTags
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a992425d18e5f7c48931121993c6c69426f2a8fb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b513d30d59bb383a6a5d6b533afcab2cee99a8f8
Impacted products
VendorProduct
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a992425d18e5f7c48931121993c6c69426f2a8fb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b513d30d59bb383a6a5d6b533afcab2cee99a8f8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:48:48.100282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:28.498Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/ufs/core/ufshcd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7ac9e18f5d66",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "a992425d18e5",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "b513d30d59bb",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/ufs/core/ufshcd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()\n\nWhen task_tag \u003e= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U \u003c\u003c\ntask_tag will out of bounds for a u32 mask. Fix this up to prevent\nSHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).\n\n[name:debug_monitors\u0026]Unexpected kernel BRK exception at EL1\n[name:traps\u0026]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP\n[name:mediatek_cpufreq_hw\u0026]cpufreq stop DVFS log done\n[name:mrdump\u0026]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000\n[name:mrdump\u0026]PHYS_OFFSET: 0x80000000\n[name:mrdump\u0026]pstate: 22400005 (nzCv daif +PAN -UAO)\n[name:mrdump\u0026]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288\n[name:mrdump\u0026]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n[name:mrdump\u0026]sp : ffffffc0081471b0\n\u003csnip\u003e\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\nCall trace:\n dump_backtrace+0xf8/0x144\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x9c\n dump_stack+0x18/0x44\n mrdump_common_die+0x254/0x480 [mrdump]\n ipanic_die+0x20/0x30 [mrdump]\n notify_die+0x15c/0x204\n die+0x10c/0x5f8\n arm64_notify_die+0x74/0x13c\n do_debug_exception+0x164/0x26c\n el1_dbg+0x64/0x80\n el1h_64_sync_handler+0x3c/0x90\n el1h_64_sync+0x68/0x6c\n ufshcd_clear_cmd+0x280/0x288\n ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n ufshcd_exec_dev_cmd+0x5bc/0x9ac\n ufshcd_verify_dev_init+0x84/0x1c8\n ufshcd_probe_hba+0x724/0x1ce0\n ufshcd_host_reset_and_restore+0x260/0x574\n ufshcd_reset_and_restore+0x138/0xbd0\n ufshcd_err_handler+0x1218/0x2f28\n process_one_work+0x5fc/0x1140\n worker_thread+0x7d8/0xe20\n kthread+0x25c/0x468\n ret_from_fork+0x10/0x20"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:23:40.447Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/a992425d18e5f7c48931121993c6c69426f2a8fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/b513d30d59bb383a6a5d6b533afcab2cee99a8f8"
        }
      ],
      "title": "scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26842",
    "datePublished": "2024-04-17T10:10:07.430Z",
    "dateReserved": "2024-02-19T14:20:24.182Z",
    "dateUpdated": "2024-09-11T17:33:28.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26842\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-17T10:15:09.997\",\"lastModified\":\"2024-04-17T12:48:07.510\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()\\n\\nWhen task_tag \u003e= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U \u003c\u003c\\ntask_tag will out of bounds for a u32 mask. Fix this up to prevent\\nSHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).\\n\\n[name:debug_monitors\u0026]Unexpected kernel BRK exception at EL1\\n[name:traps\u0026]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP\\n[name:mediatek_cpufreq_hw\u0026]cpufreq stop DVFS log done\\n[name:mrdump\u0026]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000\\n[name:mrdump\u0026]PHYS_OFFSET: 0x80000000\\n[name:mrdump\u0026]pstate: 22400005 (nzCv daif +PAN -UAO)\\n[name:mrdump\u0026]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288\\n[name:mrdump\u0026]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c\\n[name:mrdump\u0026]sp : ffffffc0081471b0\\n\u003csnip\u003e\\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\\nCall trace:\\n dump_backtrace+0xf8/0x144\\n show_stack+0x18/0x24\\n dump_stack_lvl+0x78/0x9c\\n dump_stack+0x18/0x44\\n mrdump_common_die+0x254/0x480 [mrdump]\\n ipanic_die+0x20/0x30 [mrdump]\\n notify_die+0x15c/0x204\\n die+0x10c/0x5f8\\n arm64_notify_die+0x74/0x13c\\n do_debug_exception+0x164/0x26c\\n el1_dbg+0x64/0x80\\n el1h_64_sync_handler+0x3c/0x90\\n el1h_64_sync+0x68/0x6c\\n ufshcd_clear_cmd+0x280/0x288\\n ufshcd_wait_for_dev_cmd+0x3e4/0x82c\\n ufshcd_exec_dev_cmd+0x5bc/0x9ac\\n ufshcd_verify_dev_init+0x84/0x1c8\\n ufshcd_probe_hba+0x724/0x1ce0\\n ufshcd_host_reset_and_restore+0x260/0x574\\n ufshcd_reset_and_restore+0x138/0xbd0\\n ufshcd_err_handler+0x1218/0x2f28\\n process_one_work+0x5fc/0x1140\\n worker_thread+0x7d8/0xe20\\n kthread+0x25c/0x468\\n ret_from_fork+0x10/0x20\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: ufs: core: solucione el problema de cambio en ufshcd_clear_cmd() Cuando task_tag \u0026gt;= 32 (en modo MCQ) y sizeof(unsigned int) == 4, 1U \u0026lt;\u0026lt; task_tag ser\u00e1 fuera de los l\u00edmites para una m\u00e1scara u32. Solucione esto para evitar SHIFT_ISSUE (desplazamientos bit a bit que est\u00e1n fuera de los l\u00edmites de su tipo de datos). [nombre:debug_monitors\u0026amp;]Excepci\u00f3n inesperada de BRK del kernel en EL1 [nombre:traps\u0026amp;]Error interno: controlador BRK: 00000000f2005514 [#1] PREEMPT SMP [nombre:mediatek_cpufreq_hw\u0026amp;]cpufreq detiene el registro DVFS hecho [nombre:mrdump\u0026amp;]Kernel Offset: 0x1ba5800000 de 0xffffffc0 08000000 [nombre:mrdump\u0026amp;]PHYS_OFFSET: 0x80000000 [nombre:mrdump\u0026amp;]pstate: 22400005 (nzCv daif +PAN -UAO) [nombre:mrdump\u0026amp;]pc: [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288 [nombre:mrdump\u0026amp;]lr: [0xffffffdbaf52 a774] ufshcd_wait_for_dev_cmd +0x3e4/0x82c [nombre:mrdump\u0026amp;]sp: ffffffc0081471b0  Cola de trabajo: ufs_eh_wq_0 ufshcd_err_handler Rastreo de llamadas: dump_backtrace+0xf8/0x144 show_stack+0x18/0x24 dump_stack_lvl+0x78/0x9c dump_stack+0x1 8/0x44 mrdump_common_die+0x254/0x480 [mrdump] ipanic_die+0x20/0x30 [mrdump] notify_die+0x15c/0x204 die+0x10c/0x5f8 arm64_notify_die+0x74/0x13c do_debug_exception+0x164/0x26c el1_dbg+0x64/0x80 el1h_64_sync_handler+0x3c/0x90 el 1h_64_sync+0x68/0x6c ufshcd_clear_cmd+0x280/0x288 ufshcd_wait_for_dev_cmd+ 0x3e4/0x82c ufshcd_exec_dev_cmd+0x5bc/0x9ac ufshcd_verify_dev_init+0x84/0x1c8 ufshcd_probe_hba+0x724/0x1ce0 ufshcd_host_reset_and_restore+0x260/0x574 ufshcd_reset_and_restore+0x13 8/0xbd0 ufshcd_err_handler+0x1218/0x2f28 proceso_one_work+0x5fc/0x1140 trabajador_thread+0x7d8/0xe20 kthread+0x25c/0x468 ret_from_fork+ 0x10/0x20\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a992425d18e5f7c48931121993c6c69426f2a8fb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b513d30d59bb383a6a5d6b533afcab2cee99a8f8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.