cve-2024-27006
Vulnerability from cvelistv5
Published: 2024-05-01 05:29
Modified: 2024-12-19 08:52
Summary
In the Linux kernel, the following vulnerability has been resolved:

thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()

The count field in struct trip_stats, representing the number of times the zone temperature was above the trip point, needs to be incremented in thermal_debug_tz_trip_up(), for two reasons.

First, if a trip point is crossed on the way up for the first time, thermal_debug_update_temp() called from update_temperature() does not see it because it has not been added to trips_crossed[] array in the thermal zone's struct tz_debugfs object yet. Therefore, when thermal_debug_tz_trip_up() is called after that, the trip point's count value is 0, and the attempt to divide by it during the average temperature computation leads to a divide error which causes the kernel to crash. Setting the count to 1 before the division by incrementing it fixes this problem.

Second, if a trip point is crossed on the way up, but it has been crossed on the way up already before, its count value needs to be incremented to make a record of the fact that the zone temperature is above the trip now. Without doing that, if the mitigations applied after crossing the trip cause the zone temperature to drop below its threshold, the count will not be updated for this episode at all and the average temperature in the trip statistics record will be somewhat higher than it should be.

Cc :6.8+ <stable@vger.kernel.org> # 6.8+
Impacted products
Vendor | Product | Version
Linux | Linux | Version: 6.8


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T20:04:05.646240Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T20:04:14.110Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.942Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9c8215d32e730b597c809a9d2090bf8ec1b79fcf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/thermal/thermal_debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9c8215d32e730b597c809a9d2090bf8ec1b79fcf",
              "status": "affected",
              "version": "7ef01f228c9f54c6260319858be138a8a7e9e704",
              "versionType": "git"
            },
            {
              "lessThan": "b552f63cd43735048bbe9bfbb7a9dcfce166fbdd",
              "status": "affected",
              "version": "7ef01f228c9f54c6260319858be138a8a7e9e704",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/thermal/thermal_debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()\n\nThe count field in struct trip_stats, representing the number of times\nthe zone temperature was above the trip point, needs to be incremented\nin thermal_debug_tz_trip_up(), for two reasons.\n\nFirst, if a trip point is crossed on the way up for the first time,\nthermal_debug_update_temp() called from update_temperature() does\nnot see it because it has not been added to trips_crossed[] array\nin the thermal zone\u0027s struct tz_debugfs object yet.  Therefore, when\nthermal_debug_tz_trip_up() is called after that, the trip point\u0027s\ncount value is 0, and the attempt to divide by it during the average\ntemperature computation leads to a divide error which causes the kernel\nto crash.  Setting the count to 1 before the division by incrementing it\nfixes this problem.\n\nSecond, if a trip point is crossed on the way up, but it has been\ncrossed on the way up already before, its count value needs to be\nincremented to make a record of the fact that the zone temperature is\nabove the trip now.  Without doing that, if the mitigations applied\nafter crossing the trip cause the zone temperature to drop below its\nthreshold, the count will not be updated for this episode at all and\nthe average temperature in the trip statistics record will be somewhat\nhigher than it should be.\n\nCc :6.8+ \u003cstable@vger.kernel.org\u003e # 6.8+"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:52:21.899Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9c8215d32e730b597c809a9d2090bf8ec1b79fcf"
        },
        {
          "url": "https://git.kernel.org/stable/c/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd"
        }
      ],
      "title": "thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27006",
    "datePublished": "2024-05-01T05:29:03.797Z",
    "dateReserved": "2024-02-19T14:20:24.208Z",
    "dateUpdated": "2024-12-19T08:52:21.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27006\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-01T06:15:19.053\",\"lastModified\":\"2024-11-21T09:03:36.310\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nthermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()\\n\\nThe count field in struct trip_stats, representing the number of times\\nthe zone temperature was above the trip point, needs to be incremented\\nin thermal_debug_tz_trip_up(), for two reasons.\\n\\nFirst, if a trip point is crossed on the way up for the first time,\\nthermal_debug_update_temp() called from update_temperature() does\\nnot see it because it has not been added to trips_crossed[] array\\nin the thermal zone\u0027s struct tz_debugfs object yet.  Therefore, when\\nthermal_debug_tz_trip_up() is called after that, the trip point\u0027s\\ncount value is 0, and the attempt to divide by it during the average\\ntemperature computation leads to a divide error which causes the kernel\\nto crash.  Setting the count to 1 before the division by incrementing it\\nfixes this problem.\\n\\nSecond, if a trip point is crossed on the way up, but it has been\\ncrossed on the way up already before, its count value needs to be\\nincremented to make a record of the fact that the zone temperature is\\nabove the trip now.  Without doing that, if the mitigations applied\\nafter crossing the trip cause the zone temperature to drop below its\\nthreshold, the count will not be updated for this episode at all and\\nthe average temperature in the trip statistics record will be somewhat\\nhigher than it should be.\\n\\nCc :6.8+ \u003cstable@vger.kernel.org\u003e # 6.8+\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Thermal/debugfs: agregue el incremento de conteo faltante a Thermal_debug_tz_trip_up() El campo de conteo en la estructura trip_stats, que representa la cantidad de veces que la temperatura de la zona estuvo por encima del punto de disparo, debe incrementarse en Thermal_debug_tz_trip_up(), por dos razones. Primero, si se cruza un punto de viaje en el camino hacia arriba por primera vez, Thermal_debug_update_temp() llamado desde update_temperature() no lo ve porque a\u00fan no se ha agregado a la matriz trips_crossed[] en el objeto struct tz_debugfs de la zona t\u00e9rmica. Por lo tanto, cuando se llama a Thermal_debug_tz_trip_up() despu\u00e9s de eso, el valor de conteo del punto de disparo es 0, y el intento de dividirlo durante el c\u00e1lculo de la temperatura promedio conduce a un error de divisi\u00f3n que provoca que el kernel falle. Establecer el conteo en 1 antes de la divisi\u00f3n increment\u00e1ndolo soluciona este problema. En segundo lugar, si se cruza un punto de viaje en el camino hacia arriba, pero ya se ha cruzado en el camino hacia arriba, es necesario incrementar su valor de conteo para registrar el hecho de que la temperatura de la zona est\u00e1 por encima del viaje en este momento. Sin hacer eso, si las mitigaciones aplicadas despu\u00e9s de cruzar el viaje hacen que la temperatura de la zona caiga por debajo de su umbral, el conteo no se actualizar\u00e1 para este episodio en absoluto y la temperatura promedio en el registro de estad\u00edsticas del viaje ser\u00e1 algo mayor de lo que deber\u00eda ser. . CC :6.8+  # 6.8+\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/9c8215d32e730b597c809a9d2090bf8ec1b79fcf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9c8215d32e730b597c809a9d2090bf8ec1b79fcf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

