CVE-2024-40904

CVE Details

Release Date:2024-07-12

Description


In the Linux kernel, the following vulnerability has been resolved:\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver's immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n#1: 98% system, 0% softirq, 3% hardirq, 0% idle\n#2: 98% system, 0% softirq, 3% hardirq, 0% idle\n#3: 98% system, 0% softirq, 3% hardirq, 0% idle\n#4: 98% system, 0% softirq, 3% hardirq, 0% idle\n#5: 98% system, 1% softirq, 3% hardirq, 0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls. Therefore we replace them with\ndev_err_ratelimited().

See more information about CVE-2024-40904 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: Low User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (kernel-uek)ELSA-2024-126102024-09-10
Oracle Linux version 7 (kernel-uek)ELSA-2024-127792024-10-11
Oracle Linux version 7 (kernel-uek-container)ELSA-2024-126122024-09-11
Oracle Linux version 8 (kernel)ELSA-2024-70002024-09-24
Oracle Linux version 8 (kernel-uek)ELSA-2024-126102024-09-10
Oracle Linux version 8 (kernel-uek)ELSA-2024-126182024-09-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2024-126122024-09-11
Oracle Linux version 9 (kernel)ELSA-2024-86172024-10-30
Oracle Linux version 9 (kernel-uek)ELSA-2024-126182024-09-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete