cve/published/2024/CVE-2024-42153.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-42153: i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr

 When del_timer_sync() is called in an interrupt context it throws a warning
 because of potential deadlock. The timer is used only to exit from
 wait_for_completion() after a timeout so replacing the call with
 wait_for_completion_timeout() allows to remove the problematic timer and
 its related functions altogether.

 The Linux kernel CVE team has assigned CVE-2024-42153 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 4.19.318 with commit a349e5ab4dc9954746e836cd10b407ce48f9b2f6
 	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 5.4.280 with commit effe0500afda017a86c94482b1e36bc37586c9af
 	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 5.10.222 with commit 2849a1b747cf37aa5b684527104d3a53f1e296d2
 	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 5.15.163 with commit 3503372d0bf7b324ec0bd6b90606703991426176
 	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 6.1.98 with commit 3d32327f5cfc087ee3922a3bcdcc29880dcdb50f
 	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 6.6.39 with commit 92e494a7568b60ae80d57fc0deafcaf3a4029ab3
 	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 6.9.9 with commit 27cd3873fa76ebeb9f948baae40cb9a6d8692289
 	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 6.10 with commit f63b94be6942ba82c55343e196bd09b53227618e

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-42153
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/i2c/busses/i2c-pnx.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/a349e5ab4dc9954746e836cd10b407ce48f9b2f6
 	https://git.kernel.org/stable/c/effe0500afda017a86c94482b1e36bc37586c9af
 	https://git.kernel.org/stable/c/2849a1b747cf37aa5b684527104d3a53f1e296d2
 	https://git.kernel.org/stable/c/3503372d0bf7b324ec0bd6b90606703991426176
 	https://git.kernel.org/stable/c/3d32327f5cfc087ee3922a3bcdcc29880dcdb50f
 	https://git.kernel.org/stable/c/92e494a7568b60ae80d57fc0deafcaf3a4029ab3
 	https://git.kernel.org/stable/c/27cd3873fa76ebeb9f948baae40cb9a6d8692289
 	https://git.kernel.org/stable/c/f63b94be6942ba82c55343e196bd09b53227618e
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-42153: i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr

	When del_timer_sync() is called in an interrupt context it throws a warning
	because of potential deadlock. The timer is used only to exit from
	wait_for_completion() after a timeout so replacing the call with
	wait_for_completion_timeout() allows to remove the problematic timer and
	its related functions altogether.

	The Linux kernel CVE team has assigned CVE-2024-42153 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 4.19.318 with commit a349e5ab4dc9954746e836cd10b407ce48f9b2f6
	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 5.4.280 with commit effe0500afda017a86c94482b1e36bc37586c9af
	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 5.10.222 with commit 2849a1b747cf37aa5b684527104d3a53f1e296d2
	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 5.15.163 with commit 3503372d0bf7b324ec0bd6b90606703991426176
	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 6.1.98 with commit 3d32327f5cfc087ee3922a3bcdcc29880dcdb50f
	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 6.6.39 with commit 92e494a7568b60ae80d57fc0deafcaf3a4029ab3
	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 6.9.9 with commit 27cd3873fa76ebeb9f948baae40cb9a6d8692289
	Issue introduced in 2.6.20 with commit 41561f28e76a47dc6de0a954da85d0b5c42874eb and fixed in 6.10 with commit f63b94be6942ba82c55343e196bd09b53227618e

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-42153
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/i2c/busses/i2c-pnx.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/a349e5ab4dc9954746e836cd10b407ce48f9b2f6
	https://git.kernel.org/stable/c/effe0500afda017a86c94482b1e36bc37586c9af
	https://git.kernel.org/stable/c/2849a1b747cf37aa5b684527104d3a53f1e296d2
	https://git.kernel.org/stable/c/3503372d0bf7b324ec0bd6b90606703991426176
	https://git.kernel.org/stable/c/3d32327f5cfc087ee3922a3bcdcc29880dcdb50f
	https://git.kernel.org/stable/c/92e494a7568b60ae80d57fc0deafcaf3a4029ab3
	https://git.kernel.org/stable/c/27cd3873fa76ebeb9f948baae40cb9a6d8692289
	https://git.kernel.org/stable/c/f63b94be6942ba82c55343e196bd09b53227618e