ghsa-gw9v-f3c7-qfqv
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
ice: fix uninitialized dplls mutex usage
The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And the mutex is the last thing destroyed in ice_dpll_deinit. This fixes the following warning with CONFIG_DEBUG_MUTEXES:
ice 0000:10:00.0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.36.0
ice 0000:10:00.0: 252.048 Gb/s available PCIe bandwidth (16.0 GT/s PCIe x16 link)
ice 0000:10:00.0: PTP init successful
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 0 PID: 410 at kernel/locking/mutex.c:587 __mutex_lock+0x773/0xd40
Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ice(+) nvme nvme_c>
CPU: 0 PID: 410 Comm: kworker/0:4 Not tainted 6.8.0-rc5+ #3
Hardware name: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 10/19/2023
Workqueue: events work_for_cpu_fn
RIP: 0010:__mutex_lock+0x773/0xd40
Code: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a>
RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff
RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffbfff
R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8
FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b5852cc000 CR3: 000000003c43a004 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
{
"affected": [],
"aliases": [
"CVE-2024-26854"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:08Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix uninitialized dplls mutex usage\n\nThe pf-\u003edplls.lock mutex is initialized too late, after its first use.\nMove it to the top of ice_dpll_init.\nNote that the \"err_exit\" error path destroys the mutex. And the mutex is\nthe last thing destroyed in ice_dpll_deinit.\nThis fixes the following warning with CONFIG_DEBUG_MUTEXES:\n\n ice 0000:10:00.0: The DDP package was successfully loaded: ICE OS Default Package version 1.3.36.0\n ice 0000:10:00.0: 252.048 Gb/s available PCIe bandwidth (16.0 GT/s PCIe x16 link)\n ice 0000:10:00.0: PTP init successful\n ------------[ cut here ]------------\n DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n WARNING: CPU: 0 PID: 410 at kernel/locking/mutex.c:587 __mutex_lock+0x773/0xd40\n Modules linked in: crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic ice(+) nvme nvme_c\u003e\n CPU: 0 PID: 410 Comm: kworker/0:4 Not tainted 6.8.0-rc5+ #3\n Hardware name: HPE ProLiant DL110 Gen10 Plus/ProLiant DL110 Gen10 Plus, BIOS U56 10/19/2023\n Workqueue: events work_for_cpu_fn\n RIP: 0010:__mutex_lock+0x773/0xd40\n Code: c0 0f 84 1d f9 ff ff 44 8b 35 0d 9c 69 01 45 85 f6 0f 85 0d f9 ff ff 48 c7 c6 12 a2 a9 85 48 c7 c7 12 f1 a\u003e\n RSP: 0018:ff7eb1a3417a7ae0 EFLAGS: 00010286\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: ffffffff85ac2bff RDI: 00000000ffffffff\n RBP: ff7eb1a3417a7b80 R08: 0000000000000000 R09: 00000000ffffbfff\n R10: ff7eb1a3417a7978 R11: ff32b80f7fd2e568 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: ff32b7f02c50e0d8\n FS: 0000000000000000(0000) GS:ff32b80efe800000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055b5852cc000 CR3: 000000003c43a004 CR4: 0000000000771ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __warn+0x84/0x170\n ? __mutex_lock+0x773/0xd40\n ? report_bug+0x1c7/0x1d0\n ? prb_read_valid+0x1b/0x30\n ? handle_bug+0x42/0x70\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? __mutex_lock+0x773/0xd40\n ? rcu_is_watching+0x11/0x50\n ? __kmalloc_node_track_caller+0x346/0x490\n ? ice_dpll_lock_status_get+0x28/0x50 [ice]\n ? __pfx_ice_dpll_lock_status_get+0x10/0x10 [ice]\n ? ice_dpll_lock_status_get+0x28/0x50 [ice]\n ice_dpll_lock_status_get+0x28/0x50 [ice]\n dpll_device_get_one+0x14f/0x2e0\n dpll_device_event_send+0x7d/0x150\n dpll_device_register+0x124/0x180\n ice_dpll_init_dpll+0x7b/0xd0 [ice]\n ice_dpll_init+0x224/0xa40 [ice]\n ? _dev_info+0x70/0x90\n ice_load+0x468/0x690 [ice]\n ice_probe+0x75b/0xa10 [ice]\n ? _raw_spin_unlock_irqrestore+0x4f/0x80\n ? process_one_work+0x1a3/0x500\n local_pci_probe+0x47/0xa0\n work_for_cpu_fn+0x17/0x30\n process_one_work+0x20d/0x500\n worker_thread+0x1df/0x3e0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x103/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n irq event stamp: 125197\n hardirqs last enabled at (125197): [\u003cffffffff8416409d\u003e] finish_task_switch.isra.0+0x12d/0x3d0\n hardirqs last disabled at (125196): [\u003cffffffff85134044\u003e] __schedule+0xea4/0x19f0\n softirqs last enabled at (105334): [\u003cffffffff84e1e65a\u003e] napi_get_frags_check+0x1a/0x60\n softirqs last disabled at (105332): [\u003cffffffff84e1e65a\u003e] napi_get_frags_check+0x1a/0x60\n ---[ end trace 0000000000000000 ]---",
"id": "GHSA-gw9v-f3c7-qfqv",
"modified": "2024-07-03T18:34:45Z",
"published": "2024-04-17T12:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26854"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9224fc86f1776193650a33a275cac628952f80a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db29ceff3e25c48907016da456a7cbee6310fd83"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.