cve/published/2024/CVE-2024-50057.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50057: usb: typec: tipd: Free IRQ only if it was requested before

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 usb: typec: tipd: Free IRQ only if it was requested before

 In polling mode, if no IRQ was requested there is no need to free it.
 Call devm_free_irq() only if client->irq is set. This fixes the warning
 caused by the tps6598x module removal:

 WARNING: CPU: 2 PID: 333 at kernel/irq/devres.c:144 devm_free_irq+0x80/0x8c
 ...
 ...
 Call trace:
   devm_free_irq+0x80/0x8c
   tps6598x_remove+0x28/0x88 [tps6598x]
   i2c_device_remove+0x2c/0x9c
   device_remove+0x4c/0x80
   device_release_driver_internal+0x1cc/0x228
   driver_detach+0x50/0x98
   bus_remove_driver+0x6c/0xbc
   driver_unregister+0x30/0x60
   i2c_del_driver+0x54/0x64
   tps6598x_i2c_driver_exit+0x18/0xc3c [tps6598x]
   __arm64_sys_delete_module+0x184/0x264
   invoke_syscall+0x48/0x110
   el0_svc_common.constprop.0+0xc8/0xe8
   do_el0_svc+0x20/0x2c
   el0_svc+0x28/0x98
   el0t_64_sync_handler+0x13c/0x158
   el0t_64_sync+0x190/0x194

 The Linux kernel CVE team has assigned CVE-2024-50057 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 6.6.57 with commit b72bf5cade51ba4055c8a8998d275e72e6b521ce
 	Fixed in 6.11.4 with commit 4d4b23c119542fbaed2a16794d3801cb4806ea02
 	Fixed in 6.12 with commit db63d9868f7f310de44ba7bea584e2454f8b4ed0

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50057
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/usb/typec/tipd/core.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/b72bf5cade51ba4055c8a8998d275e72e6b521ce
 	https://git.kernel.org/stable/c/4d4b23c119542fbaed2a16794d3801cb4806ea02
 	https://git.kernel.org/stable/c/db63d9868f7f310de44ba7bea584e2454f8b4ed0
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50057: usb: typec: tipd: Free IRQ only if it was requested before

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	usb: typec: tipd: Free IRQ only if it was requested before

	In polling mode, if no IRQ was requested there is no need to free it.
	Call devm_free_irq() only if client->irq is set. This fixes the warning
	caused by the tps6598x module removal:

	WARNING: CPU: 2 PID: 333 at kernel/irq/devres.c:144 devm_free_irq+0x80/0x8c
	...
	...
	Call trace:
	devm_free_irq+0x80/0x8c
	tps6598x_remove+0x28/0x88 [tps6598x]
	i2c_device_remove+0x2c/0x9c
	device_remove+0x4c/0x80
	device_release_driver_internal+0x1cc/0x228
	driver_detach+0x50/0x98
	bus_remove_driver+0x6c/0xbc
	driver_unregister+0x30/0x60
	i2c_del_driver+0x54/0x64
	tps6598x_i2c_driver_exit+0x18/0xc3c [tps6598x]
	__arm64_sys_delete_module+0x184/0x264
	invoke_syscall+0x48/0x110
	el0_svc_common.constprop.0+0xc8/0xe8
	do_el0_svc+0x20/0x2c
	el0_svc+0x28/0x98
	el0t_64_sync_handler+0x13c/0x158
	el0t_64_sync+0x190/0x194

	The Linux kernel CVE team has assigned CVE-2024-50057 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 6.6.57 with commit b72bf5cade51ba4055c8a8998d275e72e6b521ce
	Fixed in 6.11.4 with commit 4d4b23c119542fbaed2a16794d3801cb4806ea02
	Fixed in 6.12 with commit db63d9868f7f310de44ba7bea584e2454f8b4ed0

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50057
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/usb/typec/tipd/core.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/b72bf5cade51ba4055c8a8998d275e72e6b521ce
	https://git.kernel.org/stable/c/4d4b23c119542fbaed2a16794d3801cb4806ea02
	https://git.kernel.org/stable/c/db63d9868f7f310de44ba7bea584e2454f8b4ed0