cve/published/2024/CVE-2024-56787.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-56787: soc: imx8m: Probe the SoC driver as platform driver

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 soc: imx8m: Probe the SoC driver as platform driver

 With driver_async_probe=* on kernel command line, the following trace is
 produced because on i.MX8M Plus hardware because the soc-imx8m.c driver
 calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock
 driver is not yet probed. This was not detected during regular testing
 without driver_async_probe.

 Convert the SoC code to platform driver and instantiate a platform device
 in its current device_initcall() to probe the platform driver. Rework
 .soc_revision callback to always return valid error code and return SoC
 revision via parameter. This way, if anything in the .soc_revision callback
 return -EPROBE_DEFER, it gets propagated to .probe and the .probe will get
 retried later.

 "
 ------------[ cut here ]------------
 WARNING: CPU: 1 PID: 1 at drivers/soc/imx/soc-imx8m.c:115 imx8mm_soc_revision+0xdc/0x180
 CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-next-20240924-00002-g2062bb554dea #603
 Hardware name: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3) (DT)
 pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
 pc : imx8mm_soc_revision+0xdc/0x180
 lr : imx8mm_soc_revision+0xd0/0x180
 sp : ffff8000821fbcc0
 x29: ffff8000821fbce0 x28: 0000000000000000 x27: ffff800081810120
 x26: ffff8000818a9970 x25: 0000000000000006 x24: 0000000000824311
 x23: ffff8000817f42c8 x22: ffff0000df8be210 x21: fffffffffffffdfb
 x20: ffff800082780000 x19: 0000000000000001 x18: ffffffffffffffff
 x17: ffff800081fff418 x16: ffff8000823e1000 x15: ffff0000c03b65e8
 x14: ffff0000c00051b0 x13: ffff800082790000 x12: 0000000000000801
 x11: ffff80008278ffff x10: ffff80008209d3a6 x9 : ffff80008062e95c
 x8 : ffff8000821fb9a0 x7 : 0000000000000000 x6 : 00000000000080e3
 x5 : ffff0000df8c03d8 x4 : 0000000000000000 x3 : 0000000000000000
 x2 : 0000000000000000 x1 : fffffffffffffdfb x0 : fffffffffffffdfb
 Call trace:
  imx8mm_soc_revision+0xdc/0x180
  imx8_soc_init+0xb0/0x1e0
  do_one_initcall+0x94/0x1a8
  kernel_init_freeable+0x240/0x2a8
  kernel_init+0x28/0x140
  ret_from_fork+0x10/0x20
 ---[ end trace 0000000000000000 ]---
 SoC: i.MX8MP revision 1.1
 "

 The Linux kernel CVE team has assigned CVE-2024-56787 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 5.15.174 with commit e497edb8f31ec2c2b6f4ce930e175aa2da8be334
 	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 6.1.120 with commit ea2ff66feb5f9b183f9e2f9d06c21340bd88de12
 	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 6.6.66 with commit 2129f6faa5dfe8c6b87aad11720bf75edd77d3e4
 	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 6.12.5 with commit 997a3c04d7fa3d1d385c14691350d096fada648c
 	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 6.13 with commit 9cc832d37799dbea950c4c8a34721b02b8b5a8ff

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-56787
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/soc/imx/soc-imx8m.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/e497edb8f31ec2c2b6f4ce930e175aa2da8be334
 	https://git.kernel.org/stable/c/ea2ff66feb5f9b183f9e2f9d06c21340bd88de12
 	https://git.kernel.org/stable/c/2129f6faa5dfe8c6b87aad11720bf75edd77d3e4
 	https://git.kernel.org/stable/c/997a3c04d7fa3d1d385c14691350d096fada648c
 	https://git.kernel.org/stable/c/9cc832d37799dbea950c4c8a34721b02b8b5a8ff
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-56787: soc: imx8m: Probe the SoC driver as platform driver

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	soc: imx8m: Probe the SoC driver as platform driver

	With driver_async_probe=* on kernel command line, the following trace is
	produced because on i.MX8M Plus hardware because the soc-imx8m.c driver
	calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock
	driver is not yet probed. This was not detected during regular testing
	without driver_async_probe.

	Convert the SoC code to platform driver and instantiate a platform device
	in its current device_initcall() to probe the platform driver. Rework
	.soc_revision callback to always return valid error code and return SoC
	revision via parameter. This way, if anything in the .soc_revision callback
	return -EPROBE_DEFER, it gets propagated to .probe and the .probe will get
	retried later.

	"
	------------[ cut here ]------------
	WARNING: CPU: 1 PID: 1 at drivers/soc/imx/soc-imx8m.c:115 imx8mm_soc_revision+0xdc/0x180
	CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-next-20240924-00002-g2062bb554dea #603
	Hardware name: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3) (DT)
	pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
	pc : imx8mm_soc_revision+0xdc/0x180
	lr : imx8mm_soc_revision+0xd0/0x180
	sp : ffff8000821fbcc0
	x29: ffff8000821fbce0 x28: 0000000000000000 x27: ffff800081810120
	x26: ffff8000818a9970 x25: 0000000000000006 x24: 0000000000824311
	x23: ffff8000817f42c8 x22: ffff0000df8be210 x21: fffffffffffffdfb
	x20: ffff800082780000 x19: 0000000000000001 x18: ffffffffffffffff
	x17: ffff800081fff418 x16: ffff8000823e1000 x15: ffff0000c03b65e8
	x14: ffff0000c00051b0 x13: ffff800082790000 x12: 0000000000000801
	x11: ffff80008278ffff x10: ffff80008209d3a6 x9 : ffff80008062e95c
	x8 : ffff8000821fb9a0 x7 : 0000000000000000 x6 : 00000000000080e3
	x5 : ffff0000df8c03d8 x4 : 0000000000000000 x3 : 0000000000000000
	x2 : 0000000000000000 x1 : fffffffffffffdfb x0 : fffffffffffffdfb
	Call trace:
	imx8mm_soc_revision+0xdc/0x180
	imx8_soc_init+0xb0/0x1e0
	do_one_initcall+0x94/0x1a8
	kernel_init_freeable+0x240/0x2a8
	kernel_init+0x28/0x140
	ret_from_fork+0x10/0x20
	---[ end trace 0000000000000000 ]---
	SoC: i.MX8MP revision 1.1
	"

	The Linux kernel CVE team has assigned CVE-2024-56787 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 5.15.174 with commit e497edb8f31ec2c2b6f4ce930e175aa2da8be334
	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 6.1.120 with commit ea2ff66feb5f9b183f9e2f9d06c21340bd88de12
	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 6.6.66 with commit 2129f6faa5dfe8c6b87aad11720bf75edd77d3e4
	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 6.12.5 with commit 997a3c04d7fa3d1d385c14691350d096fada648c
	Issue introduced in 5.2 with commit a7e26f356ca12906a164d83c9e9f8527ee7da022 and fixed in 6.13 with commit 9cc832d37799dbea950c4c8a34721b02b8b5a8ff

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-56787
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/soc/imx/soc-imx8m.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/e497edb8f31ec2c2b6f4ce930e175aa2da8be334
	https://git.kernel.org/stable/c/ea2ff66feb5f9b183f9e2f9d06c21340bd88de12
	https://git.kernel.org/stable/c/2129f6faa5dfe8c6b87aad11720bf75edd77d3e4
	https://git.kernel.org/stable/c/997a3c04d7fa3d1d385c14691350d096fada648c
	https://git.kernel.org/stable/c/9cc832d37799dbea950c4c8a34721b02b8b5a8ff