cve/published/2024/CVE-2024-46829.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-46829: rtmutex: Drop rt_mutex::wait_lock before scheduling

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 rtmutex: Drop rt_mutex::wait_lock before scheduling

 rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the
 good case it returns with the lock held and in the deadlock case it emits a
 warning and goes into an endless scheduling loop with the lock held, which
 triggers the 'scheduling in atomic' warning.

 Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning
 and dropping into the schedule for ever loop.

 [ tglx: Moved unlock before the WARN(), removed the pointless comment,
   	massaged changelog, added Fixes tag ]

 The Linux kernel CVE team has assigned CVE-2024-46829 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 4.19.322 with commit 432efdbe7da5ecfcbc0c2180cfdbab1441752a38
 	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 5.4.284 with commit 6a976e9a47e8e5b326de671811561cab12e6fb1f
 	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 5.10.226 with commit 1401da1486dc1cdbef6025fd74a3977df3a3e5d0
 	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 5.15.167 with commit 93f44655472d9cd418293d328f9d141ca234ad83
 	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 6.1.110 with commit a92d81c9efec9280681c27a2c0a963fd0f1338e0
 	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 6.6.51 with commit 85f03ca98e07cd0786738b56ae73740bce0ac27f
 	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 6.10.10 with commit f13b5afc5c4889569d84c3011ce449f61fccfb28
 	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 6.11 with commit d33d26036a0274b472299d7dcdaa5fb34329f91b
 	Issue introduced in 3.2.61 with commit 95f9aded9436aa3ce714aeff3f45fcc1431df7d2
 	Issue introduced in 3.4.99 with commit ea018da95368adfb700689bd9842714f7c3db665
 	Issue introduced in 3.10.49 with commit 1201613a70dd34bd347ba2970919b3f1d5fbfb4a
 	Issue introduced in 3.12.25 with commit a2e64fcdc83c645813f7b93e4df291841ba7c625
 	Issue introduced in 3.14.10 with commit fb52f40e085ef4074f1335672cd62c1f832af13b
 	Issue introduced in 3.15.3 with commit 2b1f3807ed9cafb59c956ce76a05d25e67103f2e

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-46829
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	kernel/locking/rtmutex.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38
 	https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f
 	https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0
 	https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83
 	https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0
 	https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f
 	https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28
 	https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-46829: rtmutex: Drop rt_mutex::wait_lock before scheduling

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	rtmutex: Drop rt_mutex::wait_lock before scheduling

	rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the
	good case it returns with the lock held and in the deadlock case it emits a
	warning and goes into an endless scheduling loop with the lock held, which
	triggers the 'scheduling in atomic' warning.

	Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning
	and dropping into the schedule for ever loop.

	[ tglx: Moved unlock before the WARN(), removed the pointless comment,
	massaged changelog, added Fixes tag ]

	The Linux kernel CVE team has assigned CVE-2024-46829 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 4.19.322 with commit 432efdbe7da5ecfcbc0c2180cfdbab1441752a38
	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 5.4.284 with commit 6a976e9a47e8e5b326de671811561cab12e6fb1f
	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 5.10.226 with commit 1401da1486dc1cdbef6025fd74a3977df3a3e5d0
	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 5.15.167 with commit 93f44655472d9cd418293d328f9d141ca234ad83
	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 6.1.110 with commit a92d81c9efec9280681c27a2c0a963fd0f1338e0
	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 6.6.51 with commit 85f03ca98e07cd0786738b56ae73740bce0ac27f
	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 6.10.10 with commit f13b5afc5c4889569d84c3011ce449f61fccfb28
	Issue introduced in 3.16 with commit 3d5c9340d1949733eb37616abd15db36aef9a57c and fixed in 6.11 with commit d33d26036a0274b472299d7dcdaa5fb34329f91b
	Issue introduced in 3.2.61 with commit 95f9aded9436aa3ce714aeff3f45fcc1431df7d2
	Issue introduced in 3.4.99 with commit ea018da95368adfb700689bd9842714f7c3db665
	Issue introduced in 3.10.49 with commit 1201613a70dd34bd347ba2970919b3f1d5fbfb4a
	Issue introduced in 3.12.25 with commit a2e64fcdc83c645813f7b93e4df291841ba7c625
	Issue introduced in 3.14.10 with commit fb52f40e085ef4074f1335672cd62c1f832af13b
	Issue introduced in 3.15.3 with commit 2b1f3807ed9cafb59c956ce76a05d25e67103f2e

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-46829
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	kernel/locking/rtmutex.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38
	https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f
	https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0
	https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83
	https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0
	https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f
	https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28
	https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b