cve/published/2024/CVE-2024-26722.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26722: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()

 There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex
 is left locked forever. That may lead to deadlock
 when rt5645_jack_detect_work() is called for the second time.

 Found by Linux Verification Center (linuxtesting.org) with SVACE.

 The Linux kernel CVE team has assigned CVE-2024-26722 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.19.306 with commit 48ce529c83522944f116f03884819051f44f0fb6 and fixed in 4.19.307 with commit 3dd2d99e2352903d0e0b8769e6c9b8293c7454b2
 	Issue introduced in 5.4.268 with commit b67005b284ddaf62043468d1ce5905c17d85b0e6 and fixed in 5.4.269 with commit 422d5243b9f780abd3d39da2b746e3915677b07d
 	Issue introduced in 5.10.209 with commit ffe13302b8fd486f80c98019bdcb7f3e512d0eda and fixed in 5.10.210 with commit 4a98bc739d0753a5810ce5630943cd7614c7717e
 	Issue introduced in 5.15.148 with commit 7a3ff8a2bb2620ba6a806f0967c38be1a8d306d9 and fixed in 5.15.149 with commit d14b8e2005f36319df9412d42037416d64827f6b
 	Issue introduced in 6.1.74 with commit 1613195bf31e68b192bc731bea71726773e3482f and fixed in 6.1.79 with commit 1f0d7792e9023e8658e901b7b76a555f6aa052ec
 	Issue introduced in 6.6.13 with commit 8f82f2e4d9c4966282e494ae67b0bc05a6c2b904 and fixed in 6.6.18 with commit 050ad2ca0ac169dd9e552075d2c6af1bbb46534c
 	Issue introduced in 6.7 with commit cdba4301adda7c60a2064bf808e48fccd352aaa9 and fixed in 6.7.6 with commit ed5b8b735369b40d6c1f8ef3e62d369f74b4c491
 	Issue introduced in 6.7 with commit cdba4301adda7c60a2064bf808e48fccd352aaa9 and fixed in 6.8 with commit 6ef5d5b92f7117b324efaac72b3db27ae8bb3082

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26722
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	sound/soc/codecs/rt5645.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2
 	https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d
 	https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e
 	https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b
 	https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec
 	https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c
 	https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491
 	https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26722: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()

	There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex
	is left locked forever. That may lead to deadlock
	when rt5645_jack_detect_work() is called for the second time.

	Found by Linux Verification Center (linuxtesting.org) with SVACE.

	The Linux kernel CVE team has assigned CVE-2024-26722 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.19.306 with commit 48ce529c83522944f116f03884819051f44f0fb6 and fixed in 4.19.307 with commit 3dd2d99e2352903d0e0b8769e6c9b8293c7454b2
	Issue introduced in 5.4.268 with commit b67005b284ddaf62043468d1ce5905c17d85b0e6 and fixed in 5.4.269 with commit 422d5243b9f780abd3d39da2b746e3915677b07d
	Issue introduced in 5.10.209 with commit ffe13302b8fd486f80c98019bdcb7f3e512d0eda and fixed in 5.10.210 with commit 4a98bc739d0753a5810ce5630943cd7614c7717e
	Issue introduced in 5.15.148 with commit 7a3ff8a2bb2620ba6a806f0967c38be1a8d306d9 and fixed in 5.15.149 with commit d14b8e2005f36319df9412d42037416d64827f6b
	Issue introduced in 6.1.74 with commit 1613195bf31e68b192bc731bea71726773e3482f and fixed in 6.1.79 with commit 1f0d7792e9023e8658e901b7b76a555f6aa052ec
	Issue introduced in 6.6.13 with commit 8f82f2e4d9c4966282e494ae67b0bc05a6c2b904 and fixed in 6.6.18 with commit 050ad2ca0ac169dd9e552075d2c6af1bbb46534c
	Issue introduced in 6.7 with commit cdba4301adda7c60a2064bf808e48fccd352aaa9 and fixed in 6.7.6 with commit ed5b8b735369b40d6c1f8ef3e62d369f74b4c491
	Issue introduced in 6.7 with commit cdba4301adda7c60a2064bf808e48fccd352aaa9 and fixed in 6.8 with commit 6ef5d5b92f7117b324efaac72b3db27ae8bb3082

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26722
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	sound/soc/codecs/rt5645.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2
	https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d
	https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e
	https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b
	https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec
	https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c
	https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491
	https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082