cve/published/2024/CVE-2024-56680.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-56680: media: intel/ipu6: do not handle interrupts when device is disabled

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 media: intel/ipu6: do not handle interrupts when device is disabled

 Some IPU6 devices have shared interrupts. We need to handle properly
 case when interrupt is triggered from other device on shared irq line
 and IPU6 itself disabled. In such case we get 0xffffffff from
 ISR_STATUS register and handle all irq's cases, for what we are not
 not prepared and usually hang the whole system.

 To avoid the issue use pm_runtime_get_if_active() to check if
 the device is enabled and prevent suspending it when we handle irq
 until the end of irq. Additionally use synchronize_irq() in suspend

 The Linux kernel CVE team has assigned CVE-2024-56680 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.10 with commit ab29a2478e709b8fbb4715c51709275907c185db and fixed in 6.11.11 with commit ed4524c87249edc3104f6bb28ab11325bed3d536
 	Issue introduced in 6.10 with commit ab29a2478e709b8fbb4715c51709275907c185db and fixed in 6.12.2 with commit 57241487a3648515c9aa6fa89e31f2414eccfdbc
 	Issue introduced in 6.10 with commit ab29a2478e709b8fbb4715c51709275907c185db and fixed in 6.13 with commit 1429826883bb18847092b2e04c6598ef34bae1d4

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-56680
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/media/pci/intel/ipu6/ipu6-buttress.c
 	drivers/media/pci/intel/ipu6/ipu6.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/ed4524c87249edc3104f6bb28ab11325bed3d536
 	https://git.kernel.org/stable/c/57241487a3648515c9aa6fa89e31f2414eccfdbc
 	https://git.kernel.org/stable/c/1429826883bb18847092b2e04c6598ef34bae1d4
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-56680: media: intel/ipu6: do not handle interrupts when device is disabled

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	media: intel/ipu6: do not handle interrupts when device is disabled

	Some IPU6 devices have shared interrupts. We need to handle properly
	case when interrupt is triggered from other device on shared irq line
	and IPU6 itself disabled. In such case we get 0xffffffff from
	ISR_STATUS register and handle all irq's cases, for what we are not
	not prepared and usually hang the whole system.

	To avoid the issue use pm_runtime_get_if_active() to check if
	the device is enabled and prevent suspending it when we handle irq
	until the end of irq. Additionally use synchronize_irq() in suspend

	The Linux kernel CVE team has assigned CVE-2024-56680 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.10 with commit ab29a2478e709b8fbb4715c51709275907c185db and fixed in 6.11.11 with commit ed4524c87249edc3104f6bb28ab11325bed3d536
	Issue introduced in 6.10 with commit ab29a2478e709b8fbb4715c51709275907c185db and fixed in 6.12.2 with commit 57241487a3648515c9aa6fa89e31f2414eccfdbc
	Issue introduced in 6.10 with commit ab29a2478e709b8fbb4715c51709275907c185db and fixed in 6.13 with commit 1429826883bb18847092b2e04c6598ef34bae1d4

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-56680
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/media/pci/intel/ipu6/ipu6-buttress.c
	drivers/media/pci/intel/ipu6/ipu6.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/ed4524c87249edc3104f6bb28ab11325bed3d536
	https://git.kernel.org/stable/c/57241487a3648515c9aa6fa89e31f2414eccfdbc
	https://git.kernel.org/stable/c/1429826883bb18847092b2e04c6598ef34bae1d4