cve-2024-36029
Vulnerability from cvelistv5
Published
2024-05-30 15:19
Modified
2024-12-19 09:00
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly.
Impacted products
Vendor Product Version
Linux Linux Version: 4.10
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:34:39.267848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:34:47.223Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mmc/host/sdhci-msm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1200481cd6069d16ce20133bcd86f5825e26a045",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            },
            {
              "lessThan": "a957ea5aa3d3518067a1ba32c6127322ad348d20",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            },
            {
              "lessThan": "56b99a52229d7f8cd1f53d899f57aa7eb4b199af",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            },
            {
              "lessThan": "f653b04a818c490b045c97834d559911479aa1c5",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            },
            {
              "lessThan": "f8def10f73a516b771051a2f70f2f0446902cb4f",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mmc/host/sdhci-msm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-msm: pervent access to suspended controller\n\nGeneric sdhci code registers LED device and uses host-\u003eruntime_suspended\nflag to protect access to it. The sdhci-msm driver doesn\u0027t set this flag,\nwhich causes a crash when LED is accessed while controller is runtime\nsuspended. Fix this by setting the flag correctly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:00:55.581Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"
        },
        {
          "url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"
        },
        {
          "url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"
        },
        {
          "url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"
        }
      ],
      "title": "mmc: sdhci-msm: pervent access to suspended controller",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36029",
    "datePublished": "2024-05-30T15:19:43.110Z",
    "dateReserved": "2024-05-17T13:50:33.160Z",
    "dateUpdated": "2024-12-19T09:00:55.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36029\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-30T16:15:11.247\",\"lastModified\":\"2024-11-21T09:21:28.263\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmmc: sdhci-msm: pervent access to suspended controller\\n\\nGeneric sdhci code registers LED device and uses host-\u003eruntime_suspended\\nflag to protect access to it. The sdhci-msm driver doesn\u0027t set this flag,\\nwhich causes a crash when LED is accessed while controller is runtime\\nsuspended. Fix this by setting the flag correctly.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: sdhci-msm: acceso prohibido al controlador suspendido El c\u00f3digo sdhci gen\u00e9rico registra el dispositivo LED y utiliza el indicador host-\u0026gt;runtime_suspended para proteger el acceso al mismo. El controlador sdhci-msm no establece este indicador, lo que provoca un bloqueo cuando se accede al LED mientras el controlador est\u00e1 suspendido en tiempo de ejecuci\u00f3n. Solucione este problema configurando la bandera correctamente.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.