ghsa-r8jg-75qw-69pw
Vulnerability from github
Published
2024-05-19 09:34
Modified
2024-06-03 18:56
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()

Modifying a MCA bank's MCA_CTL bits which control which error types to be reported is done over

/sys/devices/system/machinecheck/ ├── machinecheck0 │   ├── bank0 │   ├── bank1 │   ├── bank10 │   ├── bank11 ...

sysfs nodes by writing the new bit mask of events to enable.

When the write is accepted, the kernel deletes all current timers and reinits all banks.

Doing that in parallel can lead to initializing a timer which is already armed and in the timer wheel, i.e., in use already:

ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642 WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514

Fix that by grabbing the sysfs mutex as the rest of the MCA sysfs code does.

Reported by: Yue Sun samsun1006219@gmail.com Reported by: xingwei lee xrivendell7@gmail.com

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2024-35876"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-19T09:15:08Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mce: Make sure to grab mce_sysfs_mutex in set_bank()\n\nModifying a MCA bank\u0027s MCA_CTL bits which control which error types to\nbe reported is done over\n\n  /sys/devices/system/machinecheck/\n  \u251c\u2500\u2500 machinecheck0\n  \u2502\u00a0\u00a0 \u251c\u2500\u2500 bank0\n  \u2502\u00a0\u00a0 \u251c\u2500\u2500 bank1\n  \u2502\u00a0\u00a0 \u251c\u2500\u2500 bank10\n  \u2502\u00a0\u00a0 \u251c\u2500\u2500 bank11\n  ...\n\nsysfs nodes by writing the new bit mask of events to enable.\n\nWhen the write is accepted, the kernel deletes all current timers and\nreinits all banks.\n\nDoing that in parallel can lead to initializing a timer which is already\narmed and in the timer wheel, i.e., in use already:\n\n  ODEBUG: init active (active state 0) object: ffff888063a28000 object\n  type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642\n  WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514\n  debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514\n\nFix that by grabbing the sysfs mutex as the rest of the MCA sysfs code\ndoes.\n\nReported by: Yue Sun \u003csamsun1006219@gmail.com\u003e\nReported by: xingwei lee \u003cxrivendell7@gmail.com\u003e",
  "id": "GHSA-r8jg-75qw-69pw",
  "modified": "2024-06-03T18:56:15Z",
  "published": "2024-05-19T09:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35876"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/20a915154ccb88da08986ab6c9fc4c1cf6259de2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/32223b0b60d53f49567fc501f91ca076ae96be6b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ddf944b32f88741c303f0b21459dbb3872b8bc5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5a02df3e92470efd589712925b5c722e730276a0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/976b1b2680fb4c01aaf05a0623288d87619a6c93"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f5e65b782f3e07324b9a8fa3cdaee422f057c758"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f860595512ff5c05a29fa4d64169c3fd1186b8cf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.