cve-2024-56576
Vulnerability from cvelistv5
Published
2024-12-27 14:23
Modified
2025-01-20 06:23
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix crash in the probe error path when using polling If an error occurs in the probe() function, we should remove the polling timer that was alarmed earlier, otherwise the timer is called with arguments that are already freed, which results in a crash. ------------[ cut here ]------------ WARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268 Modules linked in: CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226 Hardware name: Diasom DS-RK3568-SOM-EVB (DT) pstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __run_timers+0x244/0x268 lr : __run_timers+0x1d4/0x268 sp : ffffff80eff2baf0 x29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00 x26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00 x23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000 x20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff x17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e x14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000 x11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009 x8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480 x5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240 x2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0 Call trace:  __run_timers+0x244/0x268  timer_expire_remote+0x50/0x68  tmigr_handle_remote+0x388/0x39c  run_timer_softirq+0x38/0x44  handle_softirqs+0x138/0x298  __do_softirq+0x14/0x20  ____do_softirq+0x10/0x1c  call_on_irq_stack+0x24/0x4c  do_softirq_own_stack+0x1c/0x2c  irq_exit_rcu+0x9c/0xcc  el1_interrupt+0x48/0xc0  el1h_64_irq_handler+0x18/0x24  el1h_64_irq+0x7c/0x80  default_idle_call+0x34/0x68  do_idle+0x23c/0x294  cpu_startup_entry+0x38/0x3c  secondary_start_kernel+0x128/0x160  __secondary_switched+0xb8/0xbc ---[ end trace 0000000000000000 ]---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/13193a97ddd5a6a5b11408ddbc1ae85588b1860c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1def915b1564f4375330bd113ea1d768a569cfd8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/34a3466a92f50c51d984f0ec2e96864886d460eb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5c9ab34c87af718bdbf9faa2b1a6ba41d15380ea
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/815d14147068347e88c258233eb951b41b2792a6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/869f38ae07f7df829da4951c3d1f7a2be09c2e9a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b59ab89bc83f7bff67f78c6caf484a84a6dd30f7
Impacted products
Vendor Product Version
Linux Linux Version: 4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a
Version: 4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a
Version: 4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a
Version: 4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a
Version: 4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a
Version: 4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a
Version: 4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a
 Create a notification for this product.
   Linux Linux Version: 4.13
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/tc358743.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "13193a97ddd5a6a5b11408ddbc1ae85588b1860c",
              "status": "affected",
              "version": "4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a",
              "versionType": "git"
            },
            {
              "lessThan": "5c9ab34c87af718bdbf9faa2b1a6ba41d15380ea",
              "status": "affected",
              "version": "4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a",
              "versionType": "git"
            },
            {
              "lessThan": "815d14147068347e88c258233eb951b41b2792a6",
              "status": "affected",
              "version": "4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a",
              "versionType": "git"
            },
            {
              "lessThan": "34a3466a92f50c51d984f0ec2e96864886d460eb",
              "status": "affected",
              "version": "4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a",
              "versionType": "git"
            },
            {
              "lessThan": "b59ab89bc83f7bff67f78c6caf484a84a6dd30f7",
              "status": "affected",
              "version": "4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a",
              "versionType": "git"
            },
            {
              "lessThan": "1def915b1564f4375330bd113ea1d768a569cfd8",
              "status": "affected",
              "version": "4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a",
              "versionType": "git"
            },
            {
              "lessThan": "869f38ae07f7df829da4951c3d1f7a2be09c2e9a",
              "status": "affected",
              "version": "4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/i2c/tc358743.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "lessThan": "4.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix crash in the probe error path when using polling\n\nIf an error occurs in the probe() function, we should remove the polling\ntimer that was alarmed earlier, otherwise the timer is called with\narguments that are already freed, which results in a crash.\n\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268\nModules linked in:\nCPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226\nHardware name: Diasom DS-RK3568-SOM-EVB (DT)\npstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __run_timers+0x244/0x268\nlr : __run_timers+0x1d4/0x268\nsp : ffffff80eff2baf0\nx29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00\nx26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00\nx23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000\nx20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff\nx17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e\nx14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000\nx11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009\nx8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480\nx5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240\nx2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0\nCall trace:\n\u00a0__run_timers+0x244/0x268\n\u00a0timer_expire_remote+0x50/0x68\n\u00a0tmigr_handle_remote+0x388/0x39c\n\u00a0run_timer_softirq+0x38/0x44\n\u00a0handle_softirqs+0x138/0x298\n\u00a0__do_softirq+0x14/0x20\n\u00a0____do_softirq+0x10/0x1c\n\u00a0call_on_irq_stack+0x24/0x4c\n\u00a0do_softirq_own_stack+0x1c/0x2c\n\u00a0irq_exit_rcu+0x9c/0xcc\n\u00a0el1_interrupt+0x48/0xc0\n\u00a0el1h_64_irq_handler+0x18/0x24\n\u00a0el1h_64_irq+0x7c/0x80\n\u00a0default_idle_call+0x34/0x68\n\u00a0do_idle+0x23c/0x294\n\u00a0cpu_startup_entry+0x38/0x3c\n\u00a0secondary_start_kernel+0x128/0x160\n\u00a0__secondary_switched+0xb8/0xbc\n---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T06:23:24.294Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/13193a97ddd5a6a5b11408ddbc1ae85588b1860c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c9ab34c87af718bdbf9faa2b1a6ba41d15380ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/815d14147068347e88c258233eb951b41b2792a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/34a3466a92f50c51d984f0ec2e96864886d460eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/b59ab89bc83f7bff67f78c6caf484a84a6dd30f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/1def915b1564f4375330bd113ea1d768a569cfd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/869f38ae07f7df829da4951c3d1f7a2be09c2e9a"
        }
      ],
      "title": "media: i2c: tc358743: Fix crash in the probe error path when using polling",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56576",
    "datePublished": "2024-12-27T14:23:18.792Z",
    "dateReserved": "2024-12-27T14:03:05.999Z",
    "dateUpdated": "2025-01-20T06:23:24.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56576\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T15:15:16.657\",\"lastModified\":\"2024-12-27T15:15:16.657\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: i2c: tc358743: Fix crash in the probe error path when using polling\\n\\nIf an error occurs in the probe() function, we should remove the polling\\ntimer that was alarmed earlier, otherwise the timer is called with\\narguments that are already freed, which results in a crash.\\n\\n------------[ cut here ]------------\\nWARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268\\nModules linked in:\\nCPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226\\nHardware name: Diasom DS-RK3568-SOM-EVB (DT)\\npstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\npc : __run_timers+0x244/0x268\\nlr : __run_timers+0x1d4/0x268\\nsp : ffffff80eff2baf0\\nx29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00\\nx26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00\\nx23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000\\nx20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff\\nx17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e\\nx14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000\\nx11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009\\nx8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480\\nx5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240\\nx2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0\\nCall trace:\\n\u00a0__run_timers+0x244/0x268\\n\u00a0timer_expire_remote+0x50/0x68\\n\u00a0tmigr_handle_remote+0x388/0x39c\\n\u00a0run_timer_softirq+0x38/0x44\\n\u00a0handle_softirqs+0x138/0x298\\n\u00a0__do_softirq+0x14/0x20\\n\u00a0____do_softirq+0x10/0x1c\\n\u00a0call_on_irq_stack+0x24/0x4c\\n\u00a0do_softirq_own_stack+0x1c/0x2c\\n\u00a0irq_exit_rcu+0x9c/0xcc\\n\u00a0el1_interrupt+0x48/0xc0\\n\u00a0el1h_64_irq_handler+0x18/0x24\\n\u00a0el1h_64_irq+0x7c/0x80\\n\u00a0default_idle_call+0x34/0x68\\n\u00a0do_idle+0x23c/0x294\\n\u00a0cpu_startup_entry+0x38/0x3c\\n\u00a0secondary_start_kernel+0x128/0x160\\n\u00a0__secondary_switched+0xb8/0xbc\\n---[ end trace 0000000000000000 ]---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/13193a97ddd5a6a5b11408ddbc1ae85588b1860c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1def915b1564f4375330bd113ea1d768a569cfd8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/34a3466a92f50c51d984f0ec2e96864886d460eb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5c9ab34c87af718bdbf9faa2b1a6ba41d15380ea\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/815d14147068347e88c258233eb951b41b2792a6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/869f38ae07f7df829da4951c3d1f7a2be09c2e9a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b59ab89bc83f7bff67f78c6caf484a84a6dd30f7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.