ghsa-4vhp-3pgf-3w85
Vulnerability from github
Published
2024-04-17 12:32
Modified
2024-04-17 12:32
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: Fix KASAN issue with tasklet

KASAN testing revealed the following issue assocated with freeing an IRQ.

[50006.466686] Call Trace: [50006.466691] [50006.489538] dump_stack+0x5c/0x80 [50006.493475] print_address_description.constprop.6+0x1a/0x150 [50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.511644] kasan_report.cold.11+0x7f/0x118 [50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.528232] irdma_process_ceq+0xb2/0x400 [irdma] [50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma] [50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma] [50006.545306] tasklet_action_common.isra.14+0x148/0x2c0 [50006.551096] __do_softirq+0x1d0/0xaf8 [50006.555396] irq_exit_rcu+0x219/0x260 [50006.559670] irq_exit+0xa/0x20 [50006.563320] smp_apic_timer_interrupt+0x1bf/0x690 [50006.568645] apic_timer_interrupt+0xf/0x20 [50006.573341]

The issue is that a tasklet could be pending on another core racing the delete of the irq.

Fix by insuring any scheduled tasklet is killed after deleting the irq.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-26838"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T10:15:09Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix KASAN issue with tasklet\n\nKASAN testing revealed the following issue assocated with freeing an IRQ.\n\n[50006.466686] Call Trace:\n[50006.466691]  \u003cIRQ\u003e\n[50006.489538]  dump_stack+0x5c/0x80\n[50006.493475]  print_address_description.constprop.6+0x1a/0x150\n[50006.499872]  ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.505742]  ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.511644]  kasan_report.cold.11+0x7f/0x118\n[50006.516572]  ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.522473]  irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.528232]  irdma_process_ceq+0xb2/0x400 [irdma]\n[50006.533601]  ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma]\n[50006.540298]  irdma_ceq_dpc+0x44/0x100 [irdma]\n[50006.545306]  tasklet_action_common.isra.14+0x148/0x2c0\n[50006.551096]  __do_softirq+0x1d0/0xaf8\n[50006.555396]  irq_exit_rcu+0x219/0x260\n[50006.559670]  irq_exit+0xa/0x20\n[50006.563320]  smp_apic_timer_interrupt+0x1bf/0x690\n[50006.568645]  apic_timer_interrupt+0xf/0x20\n[50006.573341]  \u003c/IRQ\u003e\n\nThe issue is that a tasklet could be pending on another core racing\nthe delete of the irq.\n\nFix by insuring any scheduled tasklet is killed after deleting the\nirq.",
  "id": "GHSA-4vhp-3pgf-3w85",
  "modified": "2024-04-17T12:32:03Z",
  "published": "2024-04-17T12:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26838"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.