| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-27057: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend |
| |
| When the system is suspended while audio is active, the |
| sof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during |
| suspend the DSP is turned off, streams will be re-started after resume. |
| |
| If the firmware crashes during while audio is running (or when we reset |
| the stream before suspend) then the sof_ipc4_set_multi_pipeline_state() |
| will fail with IPC error and the state change is interrupted. |
| This will cause misalignment between the kernel and firmware state on next |
| DSP boot resulting errors returned by firmware for IPC messages, eventually |
| failing the audio resume. |
| On stream close the errors are ignored so the kernel state will be |
| corrected on the next DSP boot, so the second boot after the DSP panic. |
| |
| If sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then |
| state parameter is SOF_IPC4_PIPE_RESET and only in this case. |
| |
| Treat a forced pipeline reset similarly to how we treat a pcm_free by |
| ignoring error on state sending to allow the kernel's state to be |
| consistent with the state the firmware will have after the next boot. |
| |
| The Linux kernel CVE team has assigned CVE-2024-27057 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 5.19 with commit ceb89acc4dc8f071f63f8d64442c7a5d768e4c9d and fixed in 6.6.23 with commit 3cac6eebea9b4bc5f041e157e45c76e212ad6759 |
| Issue introduced in 5.19 with commit ceb89acc4dc8f071f63f8d64442c7a5d768e4c9d and fixed in 6.7.11 with commit d153e8b154f9746ac969c85a4e6474760453647c |
| Issue introduced in 5.19 with commit ceb89acc4dc8f071f63f8d64442c7a5d768e4c9d and fixed in 6.8 with commit c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-27057 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| sound/soc/sof/ipc4-pcm.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/3cac6eebea9b4bc5f041e157e45c76e212ad6759 |
| https://git.kernel.org/stable/c/d153e8b154f9746ac969c85a4e6474760453647c |
| https://git.kernel.org/stable/c/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 |
