| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-40968: MIPS: Octeon: Add PCIe link status check |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| MIPS: Octeon: Add PCIe link status check |
| |
| The standard PCIe configuration read-write interface is used to |
| access the configuration space of the peripheral PCIe devices |
| of the mips processor after the PCIe link surprise down, it can |
| generate kernel panic caused by "Data bus error". So it is |
| necessary to add PCIe link status check for system protection. |
| When the PCIe link is down or in training, assigning a value |
| of 0 to the configuration address can prevent read-write behavior |
| to the configuration space of peripheral PCIe devices, thereby |
| preventing kernel panic. |
| |
| The Linux kernel CVE team has assigned CVE-2024-40968 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Fixed in 4.19.317 with commit 6bff05aaa32c2f7e1f6e68e890876642159db419 |
| Fixed in 5.4.279 with commit 64845ac64819683ad5e51b668b2ed56ee3386aee |
| Fixed in 5.10.221 with commit 6c1b9fe148a4e03bbfa234267ebb89f35285814a |
| Fixed in 5.15.162 with commit 25998f5613159fe35920dbd484fcac7ea3ad0799 |
| Fixed in 6.1.96 with commit d996deb80398a90dd3c03590e68dad543da87d62 |
| Fixed in 6.6.36 with commit 1c33fd17383f48f679186c54df78542106deeaa0 |
| Fixed in 6.9.7 with commit 38d647d509543e9434b3cc470b914348be271fe9 |
| Fixed in 6.10 with commit 29b83a64df3b42c88c0338696feb6fdcd7f1f3b7 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-40968 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| arch/mips/pci/pcie-octeon.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419 |
| https://git.kernel.org/stable/c/64845ac64819683ad5e51b668b2ed56ee3386aee |
| https://git.kernel.org/stable/c/6c1b9fe148a4e03bbfa234267ebb89f35285814a |
| https://git.kernel.org/stable/c/25998f5613159fe35920dbd484fcac7ea3ad0799 |
| https://git.kernel.org/stable/c/d996deb80398a90dd3c03590e68dad543da87d62 |
| https://git.kernel.org/stable/c/1c33fd17383f48f679186c54df78542106deeaa0 |
| https://git.kernel.org/stable/c/38d647d509543e9434b3cc470b914348be271fe9 |
| https://git.kernel.org/stable/c/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7 |
