CVE-2024-36002

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36002
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36002.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36002
Related
Published
2024-05-20T10:15:14Z
Modified
2024-09-18T03:26:22.459490Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

dpll: fix dpllpinonpinregister() for multiple parent pins

In scenario where pin is registered with multiple parent pins via dpllpinonpinregister(..), all belonging to the same dpll device. A second call to dpllpinonpinunregister(..) would cause a call trace, as it tries to use already released registration resources (due to fix introduced in b446631f355e). In this scenario pin was registered twice, so resources are not yet expected to be release until each registered pin/pin pair is unregistered.

Currently, the following crash/call trace is produced when ice driver is removed on the system with installed E810T NIC which includes dpll device:

WARNING: CPU: 51 PID: 9155 at drivers/dpll/dpllcore.c:809 dpllpinops+0x20/0x30 RIP: 0010:dpllpinops+0x20/0x30 Call Trace: ? _warn+0x7f/0x130 ? dpllpinops+0x20/0x30 dpllmsgaddpinfreq+0x37/0x1d0 dpllcmdpingetone+0x1c0/0x400 ? _nlmsgput+0x63/0x80 dpllpineventsend+0x93/0x140 dpllpinonpinunregister+0x3f/0x100 icedplldeinitpins+0xa1/0x230 [ice] ice_remove+0xf1/0x210 [ice]

Fix by adding a parent pointer as a cookie when creating a registration, also when searching for it. For the regular pins pass NULL, this allows to create separated registration for each parent the pin is registered with.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.8.9-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}