Description
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless). Address this issue by modifying update_qos_request() to drop the reference to the policy later.
Product status
da5c504c7aae96db68c4b38e2564a88e91842d89 (git) before 15ac9579ebdaf22a37d7f60b3a8efc1029732ef9
da5c504c7aae96db68c4b38e2564a88e91842d89 (git) before bc26564bcc659beb6d977cd6eb394041ec2f2851
da5c504c7aae96db68c4b38e2564a88e91842d89 (git) before ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4
da5c504c7aae96db68c4b38e2564a88e91842d89 (git) before 0a58d3e77b22b087a57831c87cafd360e144a5bd
da5c504c7aae96db68c4b38e2564a88e91842d89 (git) before 69a18ff6c60e8e113420f15355fad862cb45d38e
da5c504c7aae96db68c4b38e2564a88e91842d89 (git) before ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3
da5c504c7aae96db68c4b38e2564a88e91842d89 (git) before 57e4a6aadf12578b96a038373cffd54b3a58b092
da5c504c7aae96db68c4b38e2564a88e91842d89 (git) before 69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467
5.4
Any version before 5.4
5.4.301 (semver)
5.10.246 (semver)
5.15.195 (semver)
6.1.157 (semver)
6.6.113 (semver)
6.12.54 (semver)
6.17.4 (semver)
6.18 (original_commit_for_fix)
References
git.kernel.org/...c/15ac9579ebdaf22a37d7f60b3a8efc1029732ef9
git.kernel.org/...c/bc26564bcc659beb6d977cd6eb394041ec2f2851
git.kernel.org/...c/ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4
git.kernel.org/...c/0a58d3e77b22b087a57831c87cafd360e144a5bd
git.kernel.org/...c/69a18ff6c60e8e113420f15355fad862cb45d38e
git.kernel.org/...c/ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3
git.kernel.org/...c/57e4a6aadf12578b96a038373cffd54b3a58b092
git.kernel.org/...c/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467
