THREATINT
PUBLISHED

CVE-2024-27005

interconnect: Don't access req_list while it's being manipulated



Description

In the Linux kernel, the following vulnerability has been resolved:

interconnect: Don't access req_list while it's being manipulated

The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to icc_node::req_list.

The icc_set_bw() function will eventually iterate over req_list while only holding icc_bw_lock, but req_list can be modified while only holding icc_lock. This causes races between icc_set_bw(), of_icc_get(), and icc_put().

Example A:

  CPU0                               CPU1
  ----                               ----
  icc_set_bw(path_a)
    mutex_lock(&icc_bw_lock);
                                     icc_put(path_b)
                                       mutex_lock(&icc_lock);
    aggregate_requests()
      hlist_for_each_entry(r, ...
                                       hlist_del(...
        <r = invalid pointer>

Example B:

  CPU0                               CPU1
  ----                               ----
  icc_set_bw(path_a)
    mutex_lock(&icc_bw_lock);
                                     path_b = of_icc_get()
                                       of_icc_get_by_index()
                                         mutex_lock(&icc_lock);
                                         path_find()
                                           path_init()
    aggregate_requests()
      hlist_for_each_entry(r, ...
                                             hlist_add_head(...
        <r = invalid pointer>

Fix this by ensuring icc_bw_lock is always held before manipulating icc_node::req_list. The additional places icc_bw_lock is held don't perform any memory allocations, so we should still be safe from the original lockdep splats that motivated the separate locks.

[1] commit af42269c3523 ("interconnect: Fix locking for runpm vs reclaim")
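Example A above, as an added single-threaded C model (not code from the kernel or from the patch). Locks are plain flags so the interleaving is deterministic; the struct layout, the helper names put_req and walk_with_racing_put, and the icc_lock-then-icc_bw_lock nesting are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Single-threaded model: locks are flags, so "would block" is a failed try_lock. */
struct lock { bool held; };
struct req { bool linked; struct req *next; };   /* simplified req_list entry */
static struct lock icc_lock, icc_bw_lock;

static bool try_lock(struct lock *l) { if (l->held) return false; l->held = true; return true; }
static void unlock(struct lock *l) { l->held = false; }

/* Models icc_put(): unlink r. With fixed=true it also needs icc_bw_lock (assumed nesting). */
static bool put_req(struct req **head, struct req *r, bool fixed)
{
    if (!try_lock(&icc_lock)) return false;
    if (fixed && !try_lock(&icc_bw_lock)) { unlock(&icc_lock); return false; }
    for (struct req **pp = head; *pp; pp = &(*pp)->next)
        if (*pp == r) { *pp = r->next; r->next = NULL; r->linked = false; break; }
    if (fixed) unlock(&icc_bw_lock);
    unlock(&icc_lock);
    return true;
}

/* Models icc_set_bw() walking req_list while CPU1's put lands mid-walk (Example A).
 * Returns how often the walker held an unlinked entry; *visited counts entries seen. */
static int walk_with_racing_put(bool fixed, int *visited)
{
    struct req c = {true, NULL}, b = {true, &c}, a = {true, &b};
    struct req *head = &a;
    int stale = 0;
    bool put_done = false;

    *visited = 0;
    try_lock(&icc_bw_lock);                       /* CPU0: mutex_lock(&icc_bw_lock) */
    for (struct req *r = head; r; r = r->next) {
        if (r == &b) put_done = put_req(&head, r, fixed);   /* CPU1 interleaves here */
        if (!r->linked) stale++;                  /* in the kernel, r may already be freed */
        (*visited)++;
    }
    unlock(&icc_bw_lock);
    if (!put_done) put_done = put_req(&head, &b, fixed);    /* CPU1 runs after the walk */
    return put_done ? stale : -1;
}

int main(void)
{
    int seen, stale = walk_with_racing_put(false, &seen);
    printf("before fix: stale=%d seen=%d\n", stale, seen);
    stale = walk_with_racing_put(true, &seen);
    printf("after fix:  stale=%d seen=%d\n", stale, seen);
}
```

In the unfixed run the walker is left holding an entry that was unlinked underneath it and never reaches the last entry; with the fix the put cannot proceed until the walk has released icc_bw_lock.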

Reserved 2024-02-19 | Published 2024-05-01 | Updated 2024-12-19 | Assigner Linux

Product status

Default status: unaffected

af42269c3523492d71ebbe11fefae2653e9cdc78 before d0d04efa2e367921654b5106cc5c05e3757c2b42: affected
af42269c3523492d71ebbe11fefae2653e9cdc78 before 4c65507121ea8e0b47fae6d2049c8688390d46b6: affected
af42269c3523492d71ebbe11fefae2653e9cdc78 before de1bf25b6d771abdb52d43546cf57ad775fb68a1: affected

Default status: affected

6.6: affected
Any version before 6.6: unaffected
6.6.29: unaffected
6.8.8: unaffected
6.9: unaffected

References

git.kernel.org/...c/d0d04efa2e367921654b5106cc5c05e3757c2b42

git.kernel.org/...c/4c65507121ea8e0b47fae6d2049c8688390d46b6

git.kernel.org/...c/de1bf25b6d771abdb52d43546cf57ad775fb68a1

cve.org (CVE-2024-27005)

nvd.nist.gov (CVE-2024-27005)
