| From bippy-1.2.0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@kernel.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| powerpc/eeh: avoid possible crash when edev->pdev changes |
| |
| If a PCI device is removed during eeh_pe_report_edev(), edev->pdev |
| will change and can cause a crash, hold the PCI rescan/remove lock |
| while taking a copy of edev->pdev->bus. |
| |
| The Linux kernel CVE team has assigned CVE-2024-41064 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 3.7 with commit 9b3c76f08122f5efdbe4992a64b8478cc92dd983 and fixed in 5.4.281 with commit 8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3 |
| Issue introduced in 3.7 with commit 9b3c76f08122f5efdbe4992a64b8478cc92dd983 and fixed in 5.10.223 with commit 033c51dfdbb6b79ab43fb3587276fa82d0a329e1 |
| Issue introduced in 3.7 with commit 9b3c76f08122f5efdbe4992a64b8478cc92dd983 and fixed in 5.15.164 with commit 4fad7fef847b6028475dd7b4c14fcb82b3e51274 |
| Issue introduced in 3.7 with commit 9b3c76f08122f5efdbe4992a64b8478cc92dd983 and fixed in 6.1.101 with commit 4bc246d2d60d071314842fa448faa4ed39082aff |
| Issue introduced in 3.7 with commit 9b3c76f08122f5efdbe4992a64b8478cc92dd983 and fixed in 6.6.42 with commit f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5 |
| Issue introduced in 3.7 with commit 9b3c76f08122f5efdbe4992a64b8478cc92dd983 and fixed in 6.9.11 with commit 428d940a8b6b3350b282c14d3f63350bde65c48b |
| Issue introduced in 3.7 with commit 9b3c76f08122f5efdbe4992a64b8478cc92dd983 and fixed in 6.10 with commit a1216e62d039bf63a539bbe718536ec789a853dd |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-41064 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| arch/powerpc/kernel/eeh_pe.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3 |
| https://git.kernel.org/stable/c/033c51dfdbb6b79ab43fb3587276fa82d0a329e1 |
| https://git.kernel.org/stable/c/4fad7fef847b6028475dd7b4c14fcb82b3e51274 |
| https://git.kernel.org/stable/c/4bc246d2d60d071314842fa448faa4ed39082aff |
| https://git.kernel.org/stable/c/f23c3d1ca9c4b2d626242a4e7e1ec1770447f7b5 |
| https://git.kernel.org/stable/c/428d940a8b6b3350b282c14d3f63350bde65c48b |
| https://git.kernel.org/stable/c/a1216e62d039bf63a539bbe718536ec789a853dd |
