THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-27005

interconnect: Don't access req_list while it's being manipulated

Reserved:2024-02-19
Published:2024-05-01
Updated:2024-05-13

Description

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to icc_node::req_list. The icc_set_bw() function will eventually iterate over req_list while only holding icc_bw_lock, but req_list can be modified while only holding icc_lock. This causes races between icc_set_bw(), of_icc_get(), and icc_put(). Example A: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); icc_put(path_b) mutex_lock(&icc_lock); aggregate_requests() hlist_for_each_entry(r, ... hlist_del(... <r = invalid pointer> Example B: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); path_b = of_icc_get() of_icc_get_by_index() mutex_lock(&icc_lock); path_find() path_init() aggregate_requests() hlist_for_each_entry(r, ... hlist_add_head(... <r = invalid pointer> Fix this by ensuring icc_bw_lock is always held before manipulating icc_node::req_list. The additional places icc_bw_lock is held don't perform any memory allocations, so we should still be safe from the original lockdep splats that motivated the separate locks. [1] commit af42269c3523 ("interconnect: Fix locking for runpm vs reclaim")

Product status

Default status
unaffected

af42269c3523 before d0d04efa2e36
affected

af42269c3523 before 4c65507121ea
affected

af42269c3523 before de1bf25b6d77
affected

Default status
affected

6.6
affected

Any version before 6.6
unaffected

6.6.29
unaffected

6.8.8
unaffected

6.9
unaffected

References

https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42

https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6

https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1

cve.org CVE-2024-27005

nvd.nist.gov CVE-2024-27005

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-27005