cve-2024-35836
Vulnerability from cvelistv5
Published
2024-05-17 14:02
Modified
2024-11-05 09:23
Severity ?
Summary
dpll: fix pin dump crash for rebound module
Impacted products
Vendor Product Version
Linux Linux Version: 6.7
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35836",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:42:09.401771Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:19.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dpll/dpll_core.c",
            "drivers/dpll/dpll_core.h",
            "drivers/dpll/dpll_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5050a5b9d8b4",
              "status": "affected",
              "version": "9d71b54b65b1",
              "versionType": "git"
            },
            {
              "lessThan": "830ead5fb0c5",
              "status": "affected",
              "version": "9d71b54b65b1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dpll/dpll_core.c",
            "drivers/dpll/dpll_core.h",
            "drivers/dpll/dpll_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: fix pin dump crash for rebound module\n\nWhen a kernel module is unbound but the pin resources were not entirely\nfreed (other kernel module instance of the same PCI device have had kept\nthe reference to that pin), and kernel module is again bound, the pin\nproperties would not be updated (the properties are only assigned when\nmemory for the pin is allocated), prop pointer still points to the\nkernel module memory of the kernel module which was deallocated on the\nunbind.\n\nIf the pin dump is invoked in this state, the result is a kernel crash.\nPrevent the crash by storing persistent pin properties in dpll subsystem,\ncopy the content from the kernel module when pin is allocated, instead of\nusing memory of the kernel module."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:23:19.750Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b"
        }
      ],
      "title": "dpll: fix pin dump crash for rebound module",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35836",
    "datePublished": "2024-05-17T14:02:27.847Z",
    "dateReserved": "2024-05-17T13:50:33.103Z",
    "dateUpdated": "2024-11-05T09:23:19.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35836\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-17T14:15:20.607\",\"lastModified\":\"2024-05-17T18:35:35.070\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndpll: fix pin dump crash for rebound module\\n\\nWhen a kernel module is unbound but the pin resources were not entirely\\nfreed (other kernel module instance of the same PCI device have had kept\\nthe reference to that pin), and kernel module is again bound, the pin\\nproperties would not be updated (the properties are only assigned when\\nmemory for the pin is allocated), prop pointer still points to the\\nkernel module memory of the kernel module which was deallocated on the\\nunbind.\\n\\nIf the pin dump is invoked in this state, the result is a kernel crash.\\nPrevent the crash by storing persistent pin properties in dpll subsystem,\\ncopy the content from the kernel module when pin is allocated, instead of\\nusing memory of the kernel module.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dpll: corregido el fallo del volcado de pin para el m\u00f3dulo de rebote. Cuando un m\u00f3dulo del kernel est\u00e1 desatado pero los recursos del pin no se liberaron por completo (otra instancia del m\u00f3dulo del kernel del mismo dispositivo PCI ha mantenido la referencia a ese pin), y el m\u00f3dulo del kernel est\u00e1 nuevamente vinculado, las propiedades del pin no se actualizar\u00e1n (las propiedades solo se asignan cuando se asigna memoria para el pin), el puntero de propiedad a\u00fan apunta a la memoria del m\u00f3dulo del kernel que fue desasignado en la desvinculaci\u00f3n. Si se invoca el volcado de pines en este estado, el resultado es una fallo del kernel. Evite el bloqueo almacenando propiedades de pin persistentes en el subsistema dpll, copie el contenido del m\u00f3dulo del kernel cuando se asigna el pin, en lugar de usar la memoria del m\u00f3dulo del kernel.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.