Release Date: | 2024-05-21 |
In the Linux kernel, the following vulnerability has been resolved:\ncxl/port: Fix delete_endpoint() vs parent unregistration race\nThe CXL subsystem, at cxl_mem ->probe() time, establishes a lineage of\nports (struct cxl_port objects) between an endpoint and the root of a\nCXL topology. Each port including the endpoint port is attached to the\ncxl_port driver.\nGiven that setup, it follows that when either any port in that lineage\ngoes through a cxl_port ->remove() event, or the memdev goes through a\ncxl_mem ->remove() event. The hierarchy below the removed port, or the\nentire hierarchy if the memdev is removed needs to come down.\nThe delete_endpoint() callback is careful to check whether it is being\ncalled to tear down the hierarchy, or if it is only being called to\nteardown the memdev because an ancestor port is going through\n->remove().\nThat care needs to take the device_lock() of the endpoint's parent.\nWhich requires 2 bugs to be fixed:\n1/ A reference on the parent is needed to prevent use-after-free\nscenarios like this signature:\nBUG: spinlock bad magic on CPU#0, kworker/u56:0/11\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230524-3.fc38 05/24/2023\nWorkqueue: cxl_port detach_memdev [cxl_core]\nRIP: 0010:spin_bug+0x65/0xa0\nCall Trace:\ndo_raw_spin_lock+0x69/0xa0\n__mutex_lock+0x695/0xb80\ndelete_endpoint+0xad/0x150 [cxl_core]\ndevres_release_all+0xb8/0x110\ndevice_unbind_cleanup+0xe/0x70\ndevice_release_driver_internal+0x1d2/0x210\ndetach_memdev+0x15/0x20 [cxl_core]\nprocess_one_work+0x1e3/0x4c0\nworker_thread+0x1dd/0x3d0\n2/ In the case of RCH topologies, the parent device that needs to be\nlocked is not always @port->dev as returned by cxl_mem_find_port(), use\nendpoint->dev.parent instead.
See more information about CVE-2023-52771 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 4.4 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | High | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 9 (kernel) | ELSA-2024-5928 | 2024-08-28 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: