cve/published/2024/CVE-2024-39282.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-39282: net: wwan: t7xx: Fix FSM command timeout issue

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: wwan: t7xx: Fix FSM command timeout issue

 When driver processes the internal state change command, it use an
 asynchronous thread to process the command operation. If the main
 thread detects that the task has timed out, the asynchronous thread
 will panic when executing the completion notification because the
 main thread completion object has been released.

 BUG: unable to handle page fault for address: fffffffffffffff8
 PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0
 Oops: 0000 [#1] PREEMPT SMP NOPTI
 RIP: 0010:complete_all+0x3e/0xa0
 [...]
 Call Trace:
  <TASK>
  ? __die_body+0x68/0xb0
  ? page_fault_oops+0x379/0x3e0
  ? exc_page_fault+0x69/0xa0
  ? asm_exc_page_fault+0x22/0x30
  ? complete_all+0x3e/0xa0
  fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)]
  ? __pfx_autoremove_wake_function+0x10/0x10
  kthread+0xd8/0x110
  ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)]
  ? __pfx_kthread+0x10/0x10
  ret_from_fork+0x38/0x50
  ? __pfx_kthread+0x10/0x10
  ret_from_fork_asm+0x1b/0x30
  </TASK>
 [...]
 CR2: fffffffffffffff8
 ---[ end trace 0000000000000000 ]---

 Use the reference counter to ensure safe release as Sergey suggests:
 https://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/

 The Linux kernel CVE team has assigned CVE-2024-39282 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.1.124 with commit b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5
 	Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.6.70 with commit 0cd3bde081cd3452c875fa1e5c55834c670d6e05
 	Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.12.9 with commit e6e6882a1590cbdaca77a31a02f4954327237e14
 	Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.13 with commit 4f619d518db9cd1a933c3a095a5f95d0c1584ae8

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-39282
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/wwan/t7xx/t7xx_state_monitor.c
 	drivers/net/wwan/t7xx/t7xx_state_monitor.h


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5
 	https://git.kernel.org/stable/c/0cd3bde081cd3452c875fa1e5c55834c670d6e05
 	https://git.kernel.org/stable/c/e6e6882a1590cbdaca77a31a02f4954327237e14
 	https://git.kernel.org/stable/c/4f619d518db9cd1a933c3a095a5f95d0c1584ae8
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-39282: net: wwan: t7xx: Fix FSM command timeout issue

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: wwan: t7xx: Fix FSM command timeout issue

	When driver processes the internal state change command, it use an
	asynchronous thread to process the command operation. If the main
	thread detects that the task has timed out, the asynchronous thread
	will panic when executing the completion notification because the
	main thread completion object has been released.

	BUG: unable to handle page fault for address: fffffffffffffff8
	PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0
	Oops: 0000 [#1] PREEMPT SMP NOPTI
	RIP: 0010:complete_all+0x3e/0xa0
	[...]
	Call Trace:
	<TASK>
	? __die_body+0x68/0xb0
	? page_fault_oops+0x379/0x3e0
	? exc_page_fault+0x69/0xa0
	? asm_exc_page_fault+0x22/0x30
	? complete_all+0x3e/0xa0
	fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)]
	? __pfx_autoremove_wake_function+0x10/0x10
	kthread+0xd8/0x110
	? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)]
	? __pfx_kthread+0x10/0x10
	ret_from_fork+0x38/0x50
	? __pfx_kthread+0x10/0x10
	ret_from_fork_asm+0x1b/0x30
	</TASK>
	[...]
	CR2: fffffffffffffff8
	---[ end trace 0000000000000000 ]---

	Use the reference counter to ensure safe release as Sergey suggests:
	https://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/

	The Linux kernel CVE team has assigned CVE-2024-39282 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.1.124 with commit b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5
	Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.6.70 with commit 0cd3bde081cd3452c875fa1e5c55834c670d6e05
	Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.12.9 with commit e6e6882a1590cbdaca77a31a02f4954327237e14
	Issue introduced in 5.19 with commit 13e920d93e37fcaef4a9309515798a3cae9dcf19 and fixed in 6.13 with commit 4f619d518db9cd1a933c3a095a5f95d0c1584ae8

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-39282
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/wwan/t7xx/t7xx_state_monitor.c
	drivers/net/wwan/t7xx/t7xx_state_monitor.h


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5
	https://git.kernel.org/stable/c/0cd3bde081cd3452c875fa1e5c55834c670d6e05
	https://git.kernel.org/stable/c/e6e6882a1590cbdaca77a31a02f4954327237e14
	https://git.kernel.org/stable/c/4f619d518db9cd1a933c3a095a5f95d0c1584ae8