cve/published/2024/CVE-2024-50238.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50238: phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend

 Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation")
 removed most users of the platform device driver data from the
 qcom-qmp-usb driver, but mistakenly also removed the initialisation
 despite the data still being used in the runtime PM callbacks. This bug
 was later reproduced when the driver was copied to create the qmp-usbc
 driver.

 Restore the driver data initialisation at probe to avoid a NULL-pointer
 dereference on runtime suspend.

 Apparently no one uses runtime PM, which currently needs to be enabled
 manually through sysfs, with these drivers.

 The Linux kernel CVE team has assigned CVE-2024-50238 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.9 with commit 19281571a4d5b6049dad9318db081af48818b1d2 and fixed in 6.11.7 with commit c7086dc0539b1b2b61c8c735186698bca4858246
 	Issue introduced in 6.9 with commit 19281571a4d5b6049dad9318db081af48818b1d2 and fixed in 6.12 with commit 34c21f94fa1e147a19b54b6adf0c93a623b70dd8
 	Issue introduced in 6.8.2 with commit bdb35fcff34af08fc7a7cb92f99ff1442e975cb1

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50238
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/phy/qualcomm/phy-qcom-qmp-usbc.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c7086dc0539b1b2b61c8c735186698bca4858246
 	https://git.kernel.org/stable/c/34c21f94fa1e147a19b54b6adf0c93a623b70dd8
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50238: phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend

	Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation")
	removed most users of the platform device driver data from the
	qcom-qmp-usb driver, but mistakenly also removed the initialisation
	despite the data still being used in the runtime PM callbacks. This bug
	was later reproduced when the driver was copied to create the qmp-usbc
	driver.

	Restore the driver data initialisation at probe to avoid a NULL-pointer
	dereference on runtime suspend.

	Apparently no one uses runtime PM, which currently needs to be enabled
	manually through sysfs, with these drivers.

	The Linux kernel CVE team has assigned CVE-2024-50238 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.9 with commit 19281571a4d5b6049dad9318db081af48818b1d2 and fixed in 6.11.7 with commit c7086dc0539b1b2b61c8c735186698bca4858246
	Issue introduced in 6.9 with commit 19281571a4d5b6049dad9318db081af48818b1d2 and fixed in 6.12 with commit 34c21f94fa1e147a19b54b6adf0c93a623b70dd8
	Issue introduced in 6.8.2 with commit bdb35fcff34af08fc7a7cb92f99ff1442e975cb1

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50238
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/phy/qualcomm/phy-qcom-qmp-usbc.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c7086dc0539b1b2b61c8c735186698bca4858246
	https://git.kernel.org/stable/c/34c21f94fa1e147a19b54b6adf0c93a623b70dd8