cve-2024-36950
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
firewire: ohci: mask bus reset interrupts between ISR and bottom half
References
SourceURLTags
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Impacted products
VendorProduct
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T15:34:28.122404Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:47.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/ohci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b3948c69d602",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "31279bbca40d",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "fa273f312334",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "4f9cc355c328",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "6fafe3661712",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "5982887de60c",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "8643332aac05",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "752e3c53de0f",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/ohci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\n\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\ncleared the interrupt.\n\nNormally, we always leave bus reset interrupts masked. We infer the bus\nreset from the self-ID interrupt that happens shortly thereafter. A\nscenario where we unmask bus reset interrupts was introduced in 2008 in\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\nwill unmask bus reset interrupts so we can log them.\n\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\nreset event flag in irq_handler, because we won\u0027t service the event until\nlater. irq_handler exits with the event flag still set. If the\ncorresponding interrupt is still unmasked, the first bus reset will\nusually freeze the system due to irq_handler being called again each\ntime it exits. This freeze can be reproduced by loading firewire_ohci\nwith \"modprobe firewire_ohci debug=-1\" (to enable all debugging output).\nApparently there are also some cases where bus_reset_work will get called\nsoon enough to clear the event, and operation will continue normally.\n\nThis freeze was first reported a few months after a007bb85 was committed,\nbut until now it was never fixed. The debug level could safely be set\nto -1 through sysfs after the module was loaded, but this would be\nineffectual in logging bus reset interrupts since they were only\nunmasked during initialization.\n\nirq_handler will now leave the event flag set but mask bus reset\ninterrupts, so irq_handler won\u0027t be called again and there will be no\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\nunmask the interrupt after servicing the event, so future interrupts\nwill be caught as desired.\n\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\nenabled through sysfs in addition to during initial module loading.\nHowever, when enabled through sysfs, logging of bus reset interrupts will\nbe effective only starting with the second bus reset, after\nbus_reset_work has executed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-30T15:35:46.262Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
        },
        {
          "url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
        },
        {
          "url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
        }
      ],
      "title": "firewire: ohci: mask bus reset interrupts between ISR and bottom half",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36950",
    "datePublished": "2024-05-30T15:35:46.262Z",
    "dateReserved": "2024-05-30T15:25:07.079Z",
    "dateUpdated": "2024-08-02T03:43:50.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36950\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-30T16:15:18.000\",\"lastModified\":\"2024-06-27T14:15:15.090\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\\n\\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\\ncleared the interrupt.\\n\\nNormally, we always leave bus reset interrupts masked. We infer the bus\\nreset from the self-ID interrupt that happens shortly thereafter. A\\nscenario where we unmask bus reset interrupts was introduced in 2008 in\\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\\nwill unmask bus reset interrupts so we can log them.\\n\\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\\nreset event flag in irq_handler, because we won\u0027t service the event until\\nlater. irq_handler exits with the event flag still set. If the\\ncorresponding interrupt is still unmasked, the first bus reset will\\nusually freeze the system due to irq_handler being called again each\\ntime it exits. This freeze can be reproduced by loading firewire_ohci\\nwith \\\"modprobe firewire_ohci debug=-1\\\" (to enable all debugging output).\\nApparently there are also some cases where bus_reset_work will get called\\nsoon enough to clear the event, and operation will continue normally.\\n\\nThis freeze was first reported a few months after a007bb85 was committed,\\nbut until now it was never fixed. The debug level could safely be set\\nto -1 through sysfs after the module was loaded, but this would be\\nineffectual in logging bus reset interrupts since they were only\\nunmasked during initialization.\\n\\nirq_handler will now leave the event flag set but mask bus reset\\ninterrupts, so irq_handler won\u0027t be called again and there will be no\\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\\nunmask the interrupt after servicing the event, so future interrupts\\nwill be caught as desired.\\n\\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\\nenabled through sysfs in addition to during initial module loading.\\nHowever, when enabled through sysfs, logging of bus reset interrupts will\\nbe effective only starting with the second bus reset, after\\nbus_reset_work has executed.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firewire: ohci: enmascara las interrupciones de reinicio del bus entre ISR y la mitad inferior. En el controlador de interrupciones FireWire OHCI, si se ha producido una interrupci\u00f3n de reinicio del bus, enmascara las interrupciones de reinicio del bus hasta que bus_reset_work haya sido reparado y borrado la interrupci\u00f3n. Normalmente, siempre dejamos enmascaradas las interrupciones de reinicio del bus. Inferimos el reinicio del bus a partir de la interrupci\u00f3n de la autoidentificaci\u00f3n que ocurre poco despu\u00e9s. En 2008 se introdujo un escenario en el que desenmascaramos las interrupciones de reinicio del bus en a007bb857e0b26f5d8b73c2ff90782d9c0972620: Si OHCI_PARAM_DEBUG_BUSRESETS (8) est\u00e1 configurado en la m\u00e1scara de bits del par\u00e1metro de depuraci\u00f3n, desenmascararemos las interrupciones de reinicio del bus para poder registrarlas. irq_handler registra la interrupci\u00f3n de reinicio del bus. Sin embargo, no podemos borrar el indicador de evento de reinicio del bus en irq_handler porque no atenderemos el evento hasta m\u00e1s tarde. irq_handler sale con el indicador de evento a\u00fan configurado. Si la interrupci\u00f3n correspondiente a\u00fan est\u00e1 desenmascarada, el primer reinicio del bus generalmente congelar\u00e1 el sistema debido a que se vuelve a llamar a irq_handler cada vez que sale. Esta congelaci\u00f3n se puede reproducir cargando firewire_ohci con \\\"modprobe firewire_ohci debug=-1\\\" (para habilitar todos los resultados de depuraci\u00f3n). Aparentemente, tambi\u00e9n hay algunos casos en los que se llamar\u00e1 a bus_reset_work lo suficientemente pronto como para borrar el evento y la operaci\u00f3n continuar\u00e1 normalmente. Esta congelaci\u00f3n se inform\u00f3 por primera vez unos meses despu\u00e9s del commit a007bb85, pero hasta ahora nunca se hab\u00eda solucionado. El nivel de depuraci\u00f3n podr\u00eda establecerse de forma segura en -1 a trav\u00e9s de sysfs despu\u00e9s de cargar el m\u00f3dulo, pero esto ser\u00eda ineficaz para registrar las interrupciones de reinicio del bus ya que s\u00f3lo se desenmascararon durante la inicializaci\u00f3n. irq_handler ahora dejar\u00e1 establecido el indicador de evento pero enmascarar\u00e1 las interrupciones de reinicio del bus, por lo que no se volver\u00e1 a llamar a irq_handler y no se congelar\u00e1. Si OHCI_PARAM_DEBUG_BUSRESETS est\u00e1 habilitado, bus_reset_work desenmascarar\u00e1 la interrupci\u00f3n despu\u00e9s de atender el evento, por lo que las interrupciones futuras se detectar\u00e1n seg\u00fan se desee. Como efecto secundario de este cambio, OHCI_PARAM_DEBUG_BUSRESETS ahora se puede habilitar a trav\u00e9s de sysfs adem\u00e1s de durante la carga inicial del m\u00f3dulo. Sin embargo, cuando se habilita a trav\u00e9s de sysfs, el registro de interrupciones de reinicio del bus ser\u00e1 efectivo solo a partir del segundo reinicio del bus, despu\u00e9s de que se haya ejecutado bus_reset_work.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.