cve-2024-26918
Vulnerability from cvelistv5
Published
2024-04-17 15:59
Modified
2024-12-19 08:50
Summary
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix active state requirement in PME polling The commit noted in fixes added a bogus requirement that runtime PM managed devices need to be in the RPM_ACTIVE state for PME polling. In fact, only devices in low power states should be polled. However there's still a requirement that the device config space must be accessible, which has implications for both the current state of the polled device and the parent bridge, when present. It's not sufficient to assume the bridge remains in D0 and cases have been observed where the bridge passes the D0 test, but the PM state indicates RPM_SUSPENDING and config space of the polled device becomes inaccessible during pci_pme_wakeup(). Therefore, since the bridge is already effectively required to be in the RPM_ACTIVE state, formalize this in the code and elevate the PM usage count to maintain the state while polling the subordinate device. This resolves a regression reported in the bugzilla below where a Thunderbolt/USB4 hierarchy fails to scan for an attached NVMe endpoint downstream of a bridge in a D3hot power state.
Impacted products
Vendor Product Version
Linux Linux Version: 6.6
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.2,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26918",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-07T20:53:10.241105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T18:41:33.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63b1a3d9dd3b3f6d67f524e76270e66767090583"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a4f12e5cbac2865c151d1e97e36eb24205afb23b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41044d5360685e78a869d40a168491a70cdb7e73"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "63b1a3d9dd3b3f6d67f524e76270e66767090583",
              "status": "affected",
              "version": "d3fcd7360338358aa0036bec6d2cf0e37a0ca624",
              "versionType": "git"
            },
            {
              "lessThan": "a4f12e5cbac2865c151d1e97e36eb24205afb23b",
              "status": "affected",
              "version": "d3fcd7360338358aa0036bec6d2cf0e37a0ca624",
              "versionType": "git"
            },
            {
              "lessThan": "41044d5360685e78a869d40a168491a70cdb7e73",
              "status": "affected",
              "version": "d3fcd7360338358aa0036bec6d2cf0e37a0ca624",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pci/pci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix active state requirement in PME polling\n\nThe commit noted in fixes added a bogus requirement that runtime PM managed\ndevices need to be in the RPM_ACTIVE state for PME polling.  In fact, only\ndevices in low power states should be polled.\n\nHowever there\u0027s still a requirement that the device config space must be\naccessible, which has implications for both the current state of the polled\ndevice and the parent bridge, when present.  It\u0027s not sufficient to assume\nthe bridge remains in D0 and cases have been observed where the bridge\npasses the D0 test, but the PM state indicates RPM_SUSPENDING and config\nspace of the polled device becomes inaccessible during pci_pme_wakeup().\n\nTherefore, since the bridge is already effectively required to be in the\nRPM_ACTIVE state, formalize this in the code and elevate the PM usage count\nto maintain the state while polling the subordinate device.\n\nThis resolves a regression reported in the bugzilla below where a\nThunderbolt/USB4 hierarchy fails to scan for an attached NVMe endpoint\ndownstream of a bridge in a D3hot power state."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:50:06.930Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/63b1a3d9dd3b3f6d67f524e76270e66767090583"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4f12e5cbac2865c151d1e97e36eb24205afb23b"
        },
        {
          "url": "https://git.kernel.org/stable/c/41044d5360685e78a869d40a168491a70cdb7e73"
        }
      ],
      "title": "PCI: Fix active state requirement in PME polling",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26918",
    "datePublished": "2024-04-17T15:59:26.954Z",
    "dateReserved": "2024-02-19T14:20:24.193Z",
    "dateUpdated": "2024-12-19T08:50:06.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26918\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-17T16:15:08.303\",\"lastModified\":\"2024-11-21T09:03:22.790\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nPCI: Fix active state requirement in PME polling\\n\\nThe commit noted in fixes added a bogus requirement that runtime PM managed\\ndevices need to be in the RPM_ACTIVE state for PME polling.  In fact, only\\ndevices in low power states should be polled.\\n\\nHowever there\u0027s still a requirement that the device config space must be\\naccessible, which has implications for both the current state of the polled\\ndevice and the parent bridge, when present.  It\u0027s not sufficient to assume\\nthe bridge remains in D0 and cases have been observed where the bridge\\npasses the D0 test, but the PM state indicates RPM_SUSPENDING and config\\nspace of the polled device becomes inaccessible during pci_pme_wakeup().\\n\\nTherefore, since the bridge is already effectively required to be in the\\nRPM_ACTIVE state, formalize this in the code and elevate the PM usage count\\nto maintain the state while polling the subordinate device.\\n\\nThis resolves a regression reported in the bugzilla below where a\\nThunderbolt/USB4 hierarchy fails to scan for an attached NVMe endpoint\\ndownstream of a bridge in a D3hot power state.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: PCI: corrige el requisito de estado activo en el sondeo de PME. La confirmaci\u00f3n observada en las correcciones agreg\u00f3 un requisito falso de que los dispositivos administrados por PM en tiempo de ejecuci\u00f3n deben estar en el estado RPM_ACTIVE para el sondeo de PME. De hecho, s\u00f3lo se deben sondear los dispositivos en estados de bajo consumo de energ\u00eda. Sin embargo, todav\u00eda existe el requisito de que se pueda acceder al espacio de configuraci\u00f3n del dispositivo, lo que tiene implicaciones tanto para el estado actual del dispositivo sondeado como para el puente principal, cuando est\u00e9 presente. No es suficiente asumir que el puente permanece en D0 y se han observado casos en los que el puente pasa la prueba D0, pero el estado PM indica RPM_SUSPENDING y el espacio de configuraci\u00f3n del dispositivo sondeado se vuelve inaccesible durante pci_pme_wakeup(). Por lo tanto, dado que ya se requiere que el puente est\u00e9 en el estado RPM_ACTIVE, formalice esto en el c\u00f3digo y eleve el recuento de uso de PM para mantener el estado mientras se sondea el dispositivo subordinado. Esto resuelve una regresi\u00f3n reportada en el bugzilla a continuaci\u00f3n donde una jerarqu\u00eda Thunderbolt/USB4 no puede buscar un endpoint NVMe conectado aguas abajo de un puente en un estado de energ\u00eda D3hot.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/41044d5360685e78a869d40a168491a70cdb7e73\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/63b1a3d9dd3b3f6d67f524e76270e66767090583\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a4f12e5cbac2865c151d1e97e36eb24205afb23b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/41044d5360685e78a869d40a168491a70cdb7e73\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/63b1a3d9dd3b3f6d67f524e76270e66767090583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/a4f12e5cbac2865c151d1e97e36eb24205afb23b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.