cve/published/2024/CVE-2024-26810.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26810: vfio/pci: Lock external INTx masking ops

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 vfio/pci: Lock external INTx masking ops

 Mask operations through config space changes to DisINTx may race INTx
 configuration changes via ioctl.  Create wrappers that add locking for
 paths outside of the core interrupt code.

 In particular, irq_type is updated holding igate, therefore testing
 is_intx() requires holding igate.  For example clearing DisINTx from
 config space can otherwise race changes of the interrupt configuration.

 This aligns interfaces which may trigger the INTx eventfd into two
 camps, one side serialized by igate and the other only enabled while
 INTx is configured.  A subsequent patch introduces synchronization for
 the latter flows.

 The Linux kernel CVE team has assigned CVE-2024-26810 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 5.4.274 with commit 1e71b6449d55179170efc8dee8664510bb813b42
 	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 5.10.215 with commit 3dd9be6cb55e0f47544e7cdda486413f7134e3b3
 	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 5.15.154 with commit ec73e079729258a05452356cf6d098bf1504d5a6
 	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.1.84 with commit 3fe0ac10bd117df847c93408a9d428a453cd60e5
 	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.6.24 with commit 04a4a017b9ffd7b0f427b8c376688d14cb614651
 	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.7.12 with commit 6fe478d855b20ac1eb5da724afe16af5a2aaaa40
 	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.8.3 with commit 03505e3344b0576fd619416793a31eae9c5b73bf
 	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.9 with commit 810cd4bb53456d0503cc4e7934e063835152c1b7

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26810
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/vfio/pci/vfio_pci_intrs.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42
 	https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3
 	https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6
 	https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5
 	https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651
 	https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40
 	https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf
 	https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26810: vfio/pci: Lock external INTx masking ops

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	vfio/pci: Lock external INTx masking ops

	Mask operations through config space changes to DisINTx may race INTx
	configuration changes via ioctl. Create wrappers that add locking for
	paths outside of the core interrupt code.

	In particular, irq_type is updated holding igate, therefore testing
	is_intx() requires holding igate. For example clearing DisINTx from
	config space can otherwise race changes of the interrupt configuration.

	This aligns interfaces which may trigger the INTx eventfd into two
	camps, one side serialized by igate and the other only enabled while
	INTx is configured. A subsequent patch introduces synchronization for
	the latter flows.

	The Linux kernel CVE team has assigned CVE-2024-26810 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 5.4.274 with commit 1e71b6449d55179170efc8dee8664510bb813b42
	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 5.10.215 with commit 3dd9be6cb55e0f47544e7cdda486413f7134e3b3
	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 5.15.154 with commit ec73e079729258a05452356cf6d098bf1504d5a6
	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.1.84 with commit 3fe0ac10bd117df847c93408a9d428a453cd60e5
	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.6.24 with commit 04a4a017b9ffd7b0f427b8c376688d14cb614651
	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.7.12 with commit 6fe478d855b20ac1eb5da724afe16af5a2aaaa40
	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.8.3 with commit 03505e3344b0576fd619416793a31eae9c5b73bf
	Issue introduced in 3.6 with commit 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 and fixed in 6.9 with commit 810cd4bb53456d0503cc4e7934e063835152c1b7

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26810
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/vfio/pci/vfio_pci_intrs.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42
	https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3
	https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6
	https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5
	https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651
	https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40
	https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf
	https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7