cve/published/2024/CVE-2024-49961.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-49961: media: i2c: ar0521: Use cansleep version of gpiod_set_value()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 media: i2c: ar0521: Use cansleep version of gpiod_set_value()

 If we use GPIO reset from I2C port expander, we must use *_cansleep()
 variant of GPIO functions.
 This was not done in ar0521_power_on()/ar0521_power_off() functions.
 Let's fix that.

 ------------[ cut here ]------------
 WARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c
 Modules linked in:
 CPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53
 Hardware name: Diasom DS-RK3568-SOM-EVB (DT)
 Workqueue: events_unbound deferred_probe_work_func
 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
 pc : gpiod_set_value+0x74/0x7c
 lr : ar0521_power_on+0xcc/0x290
 sp : ffffff8001d7ab70
 x29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000
 x26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088
 x23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088
 x20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80
 x17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000
 x14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930
 x11: ffffff8001eb2880 x10: 0000000000000890 x9 : ffffff8001d7a9f0
 x8 : ffffff8001d92570 x7 : ffffff80efeeac80 x6 : 000000003fc6e780
 x5 : ffffff8001d91c80 x4 : 0000000000000002 x3 : 0000000000000000
 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001
 Call trace:
  gpiod_set_value+0x74/0x7c
  ar0521_power_on+0xcc/0x290
 ...

 The Linux kernel CVE team has assigned CVE-2024-49961 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.1.113 with commit 9f08876d766755a92f1b9543ae3ee21bfc596fb8
 	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.6.55 with commit 625a77b68c96349c16fcc1faa42784313e0b1a85
 	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.10.14 with commit 2423b60a2d6d27e5f66c5021b494463aef2db212
 	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.11.3 with commit 3cf00ecfbf11ee8e6afff306a5bdcff4bf95d2cf
 	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.12 with commit bee1aed819a8cda47927436685d216906ed17f62

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-49961
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/media/i2c/ar0521.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/9f08876d766755a92f1b9543ae3ee21bfc596fb8
 	https://git.kernel.org/stable/c/625a77b68c96349c16fcc1faa42784313e0b1a85
 	https://git.kernel.org/stable/c/2423b60a2d6d27e5f66c5021b494463aef2db212
 	https://git.kernel.org/stable/c/3cf00ecfbf11ee8e6afff306a5bdcff4bf95d2cf
 	https://git.kernel.org/stable/c/bee1aed819a8cda47927436685d216906ed17f62
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-49961: media: i2c: ar0521: Use cansleep version of gpiod_set_value()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	media: i2c: ar0521: Use cansleep version of gpiod_set_value()

	If we use GPIO reset from I2C port expander, we must use *_cansleep()
	variant of GPIO functions.
	This was not done in ar0521_power_on()/ar0521_power_off() functions.
	Let's fix that.

	------------[ cut here ]------------
	WARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c
	Modules linked in:
	CPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53
	Hardware name: Diasom DS-RK3568-SOM-EVB (DT)
	Workqueue: events_unbound deferred_probe_work_func
	pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
	pc : gpiod_set_value+0x74/0x7c
	lr : ar0521_power_on+0xcc/0x290
	sp : ffffff8001d7ab70
	x29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000
	x26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088
	x23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088
	x20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80
	x17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000
	x14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930
	x11: ffffff8001eb2880 x10: 0000000000000890 x9 : ffffff8001d7a9f0
	x8 : ffffff8001d92570 x7 : ffffff80efeeac80 x6 : 000000003fc6e780
	x5 : ffffff8001d91c80 x4 : 0000000000000002 x3 : 0000000000000000
	x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001
	Call trace:
	gpiod_set_value+0x74/0x7c
	ar0521_power_on+0xcc/0x290
	...

	The Linux kernel CVE team has assigned CVE-2024-49961 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.1.113 with commit 9f08876d766755a92f1b9543ae3ee21bfc596fb8
	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.6.55 with commit 625a77b68c96349c16fcc1faa42784313e0b1a85
	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.10.14 with commit 2423b60a2d6d27e5f66c5021b494463aef2db212
	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.11.3 with commit 3cf00ecfbf11ee8e6afff306a5bdcff4bf95d2cf
	Issue introduced in 6.0 with commit 852b50aeed153b513c0b36298559114fab0fab80 and fixed in 6.12 with commit bee1aed819a8cda47927436685d216906ed17f62

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-49961
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/media/i2c/ar0521.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/9f08876d766755a92f1b9543ae3ee21bfc596fb8
	https://git.kernel.org/stable/c/625a77b68c96349c16fcc1faa42784313e0b1a85
	https://git.kernel.org/stable/c/2423b60a2d6d27e5f66c5021b494463aef2db212
	https://git.kernel.org/stable/c/3cf00ecfbf11ee8e6afff306a5bdcff4bf95d2cf
	https://git.kernel.org/stable/c/bee1aed819a8cda47927436685d216906ed17f62