cve/published/2024/CVE-2024-46791.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-46791: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

 The mcp251x_hw_wake() function is called with the mpc_lock mutex held and
 disables the interrupt handler so that no interrupts can be processed while
 waking the device. If an interrupt has already occurred then waiting for
 the interrupt handler to complete will deadlock because it will be trying
 to acquire the same mutex.

 CPU0                           CPU1
 ----                           ----
 mcp251x_open()
  mutex_lock(&priv->mcp_lock)
   request_threaded_irq()
                                <interrupt>
                                mcp251x_can_ist()
                                 mutex_lock(&priv->mcp_lock)
   mcp251x_hw_wake()
    disable_irq() <-- deadlock

 Use disable_irq_nosync() instead because the interrupt handler does
 everything while holding the mutex so it doesn't matter if it's still
 running.

 The Linux kernel CVE team has assigned CVE-2024-46791 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 5.10.226 with commit 3a49b6b1caf5cefc05264d29079d52c99cb188e0
 	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 5.15.167 with commit 513c8fc189b52f7922e36bdca58997482b198f0e
 	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 6.1.110 with commit f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646
 	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 6.6.51 with commit 8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7
 	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 6.10.10 with commit e554113a1cd2a9cfc6c7af7bdea2141c5757e188
 	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 6.11 with commit 7dd9c26bd6cf679bcfdef01a8659791aa6487a29

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-46791
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/can/spi/mcp251x.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0
 	https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e
 	https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646
 	https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7
 	https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188
 	https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-46791: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

	The mcp251x_hw_wake() function is called with the mpc_lock mutex held and
	disables the interrupt handler so that no interrupts can be processed while
	waking the device. If an interrupt has already occurred then waiting for
	the interrupt handler to complete will deadlock because it will be trying
	to acquire the same mutex.

	CPU0 CPU1
	---- ----
	mcp251x_open()
	mutex_lock(&priv->mcp_lock)
	request_threaded_irq()
	<interrupt>
	mcp251x_can_ist()
	mutex_lock(&priv->mcp_lock)
	mcp251x_hw_wake()
	disable_irq() <-- deadlock

	Use disable_irq_nosync() instead because the interrupt handler does
	everything while holding the mutex so it doesn't matter if it's still
	running.

	The Linux kernel CVE team has assigned CVE-2024-46791 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 5.10.226 with commit 3a49b6b1caf5cefc05264d29079d52c99cb188e0
	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 5.15.167 with commit 513c8fc189b52f7922e36bdca58997482b198f0e
	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 6.1.110 with commit f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646
	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 6.6.51 with commit 8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7
	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 6.10.10 with commit e554113a1cd2a9cfc6c7af7bdea2141c5757e188
	Issue introduced in 5.5 with commit 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef and fixed in 6.11 with commit 7dd9c26bd6cf679bcfdef01a8659791aa6487a29

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-46791
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/can/spi/mcp251x.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0
	https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e
	https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646
	https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7
	https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188
	https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29