cve/published/2024/CVE-2024-50023.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50023: net: phy: Remove LED entry from LEDs list on unregister

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: phy: Remove LED entry from LEDs list on unregister

 Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct
 ordering") correctly fixed a problem with using devm_ but missed
 removing the LED entry from the LEDs list.

 This cause kernel panic on specific scenario where the port for the PHY
 is torn down and up and the kmod for the PHY is removed.

 On setting the port down the first time, the assosiacted LEDs are
 correctly unregistered. The associated kmod for the PHY is now removed.
 The kmod is now added again and the port is now put up, the associated LED
 are registered again.
 On putting the port down again for the second time after these step, the
 LED list now have 4 elements. With the first 2 already unregistered
 previously and the 2 new one registered again.

 This cause a kernel panic as the first 2 element should have been
 removed.

 Fix this by correctly removing the element when LED is unregistered.

 The Linux kernel CVE team has assigned CVE-2024-50023 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.4 with commit c938ab4da0eb1620ae3243b0b24c572ddfc318fc and fixed in 6.6.57 with commit 143ffa7878e2d9d9c3836ee8304ce4930f7852a3
 	Issue introduced in 6.4 with commit c938ab4da0eb1620ae3243b0b24c572ddfc318fc and fixed in 6.11.4 with commit fba363f4d244269a0ba7abb8df953a244c6749af
 	Issue introduced in 6.4 with commit c938ab4da0eb1620ae3243b0b24c572ddfc318fc and fixed in 6.12 with commit f50b5d74c68e551667e265123659b187a30fe3a5

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50023
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/phy/phy_device.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/143ffa7878e2d9d9c3836ee8304ce4930f7852a3
 	https://git.kernel.org/stable/c/fba363f4d244269a0ba7abb8df953a244c6749af
 	https://git.kernel.org/stable/c/f50b5d74c68e551667e265123659b187a30fe3a5
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50023: net: phy: Remove LED entry from LEDs list on unregister

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: phy: Remove LED entry from LEDs list on unregister

	Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct
	ordering") correctly fixed a problem with using devm_ but missed
	removing the LED entry from the LEDs list.

	This cause kernel panic on specific scenario where the port for the PHY
	is torn down and up and the kmod for the PHY is removed.

	On setting the port down the first time, the assosiacted LEDs are
	correctly unregistered. The associated kmod for the PHY is now removed.
	The kmod is now added again and the port is now put up, the associated LED
	are registered again.
	On putting the port down again for the second time after these step, the
	LED list now have 4 elements. With the first 2 already unregistered
	previously and the 2 new one registered again.

	This cause a kernel panic as the first 2 element should have been
	removed.

	Fix this by correctly removing the element when LED is unregistered.

	The Linux kernel CVE team has assigned CVE-2024-50023 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.4 with commit c938ab4da0eb1620ae3243b0b24c572ddfc318fc and fixed in 6.6.57 with commit 143ffa7878e2d9d9c3836ee8304ce4930f7852a3
	Issue introduced in 6.4 with commit c938ab4da0eb1620ae3243b0b24c572ddfc318fc and fixed in 6.11.4 with commit fba363f4d244269a0ba7abb8df953a244c6749af
	Issue introduced in 6.4 with commit c938ab4da0eb1620ae3243b0b24c572ddfc318fc and fixed in 6.12 with commit f50b5d74c68e551667e265123659b187a30fe3a5

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50023
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/phy/phy_device.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/143ffa7878e2d9d9c3836ee8304ce4930f7852a3
	https://git.kernel.org/stable/c/fba363f4d244269a0ba7abb8df953a244c6749af
	https://git.kernel.org/stable/c/f50b5d74c68e551667e265123659b187a30fe3a5