cve/published/2024/CVE-2024-42095.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-42095: serial: 8250_omap: Implementation of Errata i2310

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 serial: 8250_omap: Implementation of Errata i2310

 As per Errata i2310[0], Erroneous timeout can be triggered,
 if this Erroneous interrupt is not cleared then it may leads
 to storm of interrupts, therefore apply Errata i2310 solution.

 [0] https://www.ti.com/lit/pdf/sprz536 page 23

 The Linux kernel CVE team has assigned CVE-2024-42095 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.10.50 with commit 9443acbd251f366804b20a27be72ba67df532cb1 and fixed in 5.10.221 with commit cb879300669881970eabebe64bd509dbbe42b9de
 	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 5.15.162 with commit 87257a28271c828a98f762bf2dd803c1793d2b5b
 	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 6.1.97 with commit 98840e410d53329f5331ecdce095e740791963d0
 	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 6.6.37 with commit e67d7f38008e56fb691b6a72cadf16c107c2f48b
 	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 6.9.8 with commit 6270051f656004ca5cde644c73cb1fa4d718792e
 	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 6.10 with commit 9d141c1e615795eeb93cd35501ad144ee997a826
 	Issue introduced in 5.12.17 with commit bf1bcca53c35a40976afbdd40aaea9424154f57b
 	Issue introduced in 5.13.2 with commit ed87ec89b7f6071de06380a0216e6aa420eb9742

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-42095
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/tty/serial/8250/8250_omap.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de
 	https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b
 	https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0
 	https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b
 	https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e
 	https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-42095: serial: 8250_omap: Implementation of Errata i2310

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	serial: 8250_omap: Implementation of Errata i2310

	As per Errata i2310[0], Erroneous timeout can be triggered,
	if this Erroneous interrupt is not cleared then it may leads
	to storm of interrupts, therefore apply Errata i2310 solution.

	[0] https://www.ti.com/lit/pdf/sprz536 page 23

	The Linux kernel CVE team has assigned CVE-2024-42095 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.10.50 with commit 9443acbd251f366804b20a27be72ba67df532cb1 and fixed in 5.10.221 with commit cb879300669881970eabebe64bd509dbbe42b9de
	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 5.15.162 with commit 87257a28271c828a98f762bf2dd803c1793d2b5b
	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 6.1.97 with commit 98840e410d53329f5331ecdce095e740791963d0
	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 6.6.37 with commit e67d7f38008e56fb691b6a72cadf16c107c2f48b
	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 6.9.8 with commit 6270051f656004ca5cde644c73cb1fa4d718792e
	Issue introduced in 5.14 with commit b67e830d38fa9335d927fe67e812e3ed81b4689c and fixed in 6.10 with commit 9d141c1e615795eeb93cd35501ad144ee997a826
	Issue introduced in 5.12.17 with commit bf1bcca53c35a40976afbdd40aaea9424154f57b
	Issue introduced in 5.13.2 with commit ed87ec89b7f6071de06380a0216e6aa420eb9742

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-42095
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/tty/serial/8250/8250_omap.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de
	https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b
	https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0
	https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b
	https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e
	https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826