CVE-2024-35968

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35968
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35968.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35968
Downstream
Published
2024-05-20T09:41:57.162Z
Modified
2025-11-20T04:01:01.171355Z
Summary
pds_core: Fix pdsc_check_pci_health function to use work thread
Details

In the Linux kernel, the following vulnerability has been resolved:

pdscore: Fix pdsccheckpcihealth function to use work thread

When the driver notices fwstatus == 0xff it tries to perform a PCI reset on itself via pciresetfunction() in the context of the driver's health thread. However, pdscresetprepare calls pdscstophealththread(), which attempts to stop/flush the health thread. This results in a deadlock because the stop/flush will never complete since the driver called pciresetfunction() from the health thread context. Fix by changing the pdsccheckpcihealthfunction() to queue a newly introduced pdscpcireset_thread() on the pdsc's work queue.

Unloading the driver in the fw_down/dead state uncovered another issue, which can be seen in the following trace:

WARNING: CPU: 51 PID: 6914 at kernel/workqueue.c:1450 queuework+0x358/0x440 [...] RIP: 0010:queuework+0x358/0x440 [...] Call Trace: <TASK> ? _warn+0x85/0x140 ? _queuework+0x358/0x440 ? reportbug+0xfc/0x1e0 ? handlebug+0x3f/0x70 ? excinvalidop+0x17/0x70 ? asmexcinvalidop+0x1a/0x20 ? _queuework+0x358/0x440 queueworkon+0x28/0x30 pdscdevcmdlocked+0x96/0xe0 [pdscore] pdscdevcmdreset+0x71/0xb0 [pdscore] pdscteardown+0x51/0xe0 [pdscore] pdscremove+0x106/0x200 [pdscore] pcideviceremove+0x37/0xc0 devicereleasedriverinternal+0xae/0x140 driverdetach+0x48/0x90 busremovedriver+0x6d/0xf0 pciunregisterdriver+0x2e/0xa0 pdsccleanupmodule+0x10/0x780 [pdscore] _x64sysdeletemodule+0x142/0x2b0 ? syscalltraceenter.isra.18+0x126/0x1a0 dosyscall64+0x3b/0x90 entrySYSCALL64after_hwframe+0x72/0xdc RIP: 0033:0x7fbd9d03a14b [...]

Fix this by preventing the devcmd reset if the FW is not running.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1e18ec3e9d46e4ad2b6507c3bfc7f59e2ab449a2
Fixed
38407914d48273d7f8ab765b9243658afe1c3ab6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1e18ec3e9d46e4ad2b6507c3bfc7f59e2ab449a2
Fixed
81665adf25d28a00a986533f1d3a5df76b79cad9

Affected versions

v6.*

v6.6
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.9-rc1
v6.9-rc2

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-35968-023ea3c0",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250914894262972604072498217640133311821",
                "241235772372808306467906627767954000089",
                "293488284354837668781862901692672820613",
                "321968612396715921444007410114530375319",
                "247996555120472486316097221613608526203",
                "98470331383462401760022453624489525275"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81665adf25d28a00a986533f1d3a5df76b79cad9",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/core.h"
        }
    },
    {
        "id": "CVE-2024-35968-150bdea8",
        "signature_version": "v1",
        "digest": {
            "function_hash": "327766315823560989463170144145982189746",
            "length": 2276.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81665adf25d28a00a986533f1d3a5df76b79cad9",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/main.c",
            "function": "pdsc_init_pf"
        }
    },
    {
        "id": "CVE-2024-35968-156b401f",
        "signature_version": "v1",
        "digest": {
            "function_hash": "173276657685986130615412345887329546620",
            "length": 202.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81665adf25d28a00a986533f1d3a5df76b79cad9",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/dev.c",
            "function": "pdsc_devcmd_reset"
        }
    },
    {
        "id": "CVE-2024-35968-3df0b562",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "328132560233307655493979323086744773215",
                "289112721699959019165387359291558527946",
                "75007722851133508577717469393162506874",
                "22382936108850740938832418059716103404",
                "128619700438951080585824260661201961385",
                "47099766799388630366831016754509840869",
                "35072154055050776202066667300290546879"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81665adf25d28a00a986533f1d3a5df76b79cad9",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/core.c"
        }
    },
    {
        "id": "CVE-2024-35968-7ed88e9a",
        "signature_version": "v1",
        "digest": {
            "function_hash": "76902662120199313666294244931747479842",
            "length": 208.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81665adf25d28a00a986533f1d3a5df76b79cad9",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/core.c",
            "function": "pdsc_check_pci_health"
        }
    },
    {
        "id": "CVE-2024-35968-8aa6b978",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "181869352741323622841056511870009693210",
                "164855380543854037051338260053430666678",
                "126486432879975224991371919882214131783",
                "245843549109187212945578444366490670261"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81665adf25d28a00a986533f1d3a5df76b79cad9",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/main.c"
        }
    },
    {
        "id": "CVE-2024-35968-c885d8da",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "248995237186480271011863418460549477053",
                "243998557460972887891081115398276942752",
                "24866311011263479218198689930981854246"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@81665adf25d28a00a986533f1d3a5df76b79cad9",
        "target": {
            "file": "drivers/net/ethernet/amd/pds_core/dev.c"
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.7