cvelistv5 - cve-2024-57889

cve-2024-57889

Vulnerability from cvelistv5

Published

2025-01-15 13:05

Modified

2025-01-20 06:28

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ... We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C). The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex whole holding the spinlock. It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set. mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock(). The accesses to the regmap from mcp23s08_probe_one() do not need additional locking. In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock. This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above.

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0

Impacted products

Vendor

Product

Version

▼

Linux

Version: 8f38910ba4f662222157ce07a0d5becc4328c46a
Version: 8f38910ba4f662222157ce07a0d5becc4328c46a
Version: 8f38910ba4f662222157ce07a0d5becc4328c46a
Version: 8f38910ba4f662222157ce07a0d5becc4328c46a
Version: 8f38910ba4f662222157ce07a0d5becc4328c46a
Version: 8f38910ba4f662222157ce07a0d5becc4328c46a
Version: 8f38910ba4f662222157ce07a0d5becc4328c46a

Linux

Version: 4.13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pinctrl/pinctrl-mcp23s08.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "788d9e9a41b81893d6bb8faa05f045c975278318",
              "status": "affected",
              "version": "8f38910ba4f662222157ce07a0d5becc4328c46a",
              "versionType": "git"
            },
            {
              "lessThan": "c55d186376a87b468c9ee30f2195e0f3857f61a0",
              "status": "affected",
              "version": "8f38910ba4f662222157ce07a0d5becc4328c46a",
              "versionType": "git"
            },
            {
              "lessThan": "9372e160d8211a7e17f2abff8370794f182df785",
              "status": "affected",
              "version": "8f38910ba4f662222157ce07a0d5becc4328c46a",
              "versionType": "git"
            },
            {
              "lessThan": "0310cbad163a908d09d99c26827859365cd71fcb",
              "status": "affected",
              "version": "8f38910ba4f662222157ce07a0d5becc4328c46a",
              "versionType": "git"
            },
            {
              "lessThan": "8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec",
              "status": "affected",
              "version": "8f38910ba4f662222157ce07a0d5becc4328c46a",
              "versionType": "git"
            },
            {
              "lessThan": "830f838589522404cd7c2f0f540602f25034af61",
              "status": "affected",
              "version": "8f38910ba4f662222157ce07a0d5becc4328c46a",
              "versionType": "git"
            },
            {
              "lessThan": "a37eecb705f33726f1fb7cd2a67e514a15dfe693",
              "status": "affected",
              "version": "8f38910ba4f662222157ce07a0d5becc4328c46a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pinctrl/pinctrl-mcp23s08.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "lessThan": "4.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.289",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n  BUG: sleeping function called from invalid context\n    at kernel/locking/mutex.c:283\n  in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n  preempt_count: 1, expected: 0\n  ...\n  Call Trace:\n  ...\n  __might_resched+0x104/0x10e\n  __might_sleep+0x3e/0x62\n  mutex_lock+0x20/0x4c\n  regmap_lock_mutex+0x10/0x18\n  regmap_update_bits_base+0x2c/0x66\n  mcp23s08_irq_set_type+0x1ae/0x1d6\n  __irq_set_trigger+0x56/0x172\n  __setup_irq+0x1e6/0x646\n  request_threaded_irq+0xb6/0x160\n  ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T06:28:57.611Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318"
        },
        {
          "url": "https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785"
        },
        {
          "url": "https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61"
        },
        {
          "url": "https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693"
        }
      ],
      "title": "pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-57889",
    "datePublished": "2025-01-15T13:05:41.769Z",
    "dateReserved": "2025-01-11T14:45:42.027Z",
    "dateUpdated": "2025-01-20T06:28:57.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-57889\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-01-15T13:15:13.347\",\"lastModified\":\"2025-01-15T13:15:13.347\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\\n\\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\\nbug can happen:\\n\\n  BUG: sleeping function called from invalid context\\n    at kernel/locking/mutex.c:283\\n  in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\\n  preempt_count: 1, expected: 0\\n  ...\\n  Call Trace:\\n  ...\\n  __might_resched+0x104/0x10e\\n  __might_sleep+0x3e/0x62\\n  mutex_lock+0x20/0x4c\\n  regmap_lock_mutex+0x10/0x18\\n  regmap_update_bits_base+0x2c/0x66\\n  mcp23s08_irq_set_type+0x1ae/0x1d6\\n  __irq_set_trigger+0x56/0x172\\n  __setup_irq+0x1e6/0x646\\n  request_threaded_irq+0xb6/0x160\\n  ...\\n\\nWe observed the problem while experimenting with a touchscreen driver which\\nused MCP23017 IO expander (I2C).\\n\\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\\nconcurrent accesses, which is the default for regmaps without .fast_io,\\n.disable_locking, etc.\\n\\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\\nlocks the mutex.\\n\\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\\nfunctions. As a result, the system tries to lock the mutex whole holding\\nthe spinlock.\\n\\nIt seems, the internal regmap locks are not needed in this driver at all.\\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\\nexcept, probably, in mcp_pinconf_get/set.\\n\\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\\naccesses are deferred until chip_bus_unlock().\\n\\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\\nlocking.\\n\\nIn all remaining places where the regmap is accessed, except\\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\\n\\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\\nlocking in the regmap config. Among other things, it fixes the sleeping\\nin atomic context described above.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: mcp23s08: Se corrige la suspensi\u00f3n en un contexto at\u00f3mico debido al bloqueo de regmap Si un dispositivo usa el expansor de E/S MCP23xxx para recibir IRQ, puede ocurrir el siguiente error: ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Seguimiento de llamadas: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 Observamos el problema mientras experiment\u00e1bamos con un controlador de pantalla t\u00e1ctil que usaba el expansor de E/S MCP23017 (I2C). El mapa de reglas en el controlador pinctrl-mcp23s08 usa un mutex para protecci\u00f3n contra accesos concurrentes, que es el valor predeterminado para los mapas de reglas sin .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() llama a regmap_update_bits_base(), y este \u00faltimo bloquea el mutex. Sin embargo, __setup_irq() bloquea el spinlock desc-\u0026gt;lock antes de llamar a estas funciones. Como resultado, el sistema intenta bloquear el mutex que contiene el spinlock. Parece que los bloqueos internos del mapa de reglas no son necesarios en este controlador en absoluto. mcp-\u0026gt;lock parece proteger el mapa de reglas de accesos concurrentes, excepto, probablemente, en mcp_pinconf_get/set. mcp23s08_irq_set_type() y mcp23s08_irq_mask/unmask() se llaman bajo chip_bus_lock(), que llama a mcp23s08_irq_bus_lock(). Este \u00faltimo toma mcp-\u0026gt;lock y habilita el almacenamiento en cach\u00e9 del mapa de reglas, de modo que los accesos I2C potencialmente lentos se posponen hasta chip_bus_unlock(). Los accesos al mapa de reglas desde mcp23s08_probe_one() no necesitan bloqueo adicional. En todos los lugares restantes donde se accede al mapa de reglas, excepto mcp_pinconf_get/set(), el controlador ya toma mcp-\u0026gt;lock. Este parche agrega bloqueo en mcp_pinconf_get/set() y deshabilita el bloqueo interno en la configuraci\u00f3n de regmap. Entre otras cosas, corrige el problema de suspensi\u00f3n en el contexto at\u00f3mico descrito anteriormente.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

fkie_cve-2024-57889

Vulnerability from fkie_nvd

Published

2025-01-15 13:15

Modified

2025-01-15 13:15

Severity ?

Summary

References

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n  BUG: sleeping function called from invalid context\n    at kernel/locking/mutex.c:283\n  in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n  preempt_count: 1, expected: 0\n  ...\n  Call Trace:\n  ...\n  __might_resched+0x104/0x10e\n  __might_sleep+0x3e/0x62\n  mutex_lock+0x20/0x4c\n  regmap_lock_mutex+0x10/0x18\n  regmap_update_bits_base+0x2c/0x66\n  mcp23s08_irq_set_type+0x1ae/0x1d6\n  __irq_set_trigger+0x56/0x172\n  __setup_irq+0x1e6/0x646\n  request_threaded_irq+0xb6/0x160\n  ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: mcp23s08: Se corrige la suspensi\u00f3n en un contexto at\u00f3mico debido al bloqueo de regmap Si un dispositivo usa el expansor de E/S MCP23xxx para recibir IRQ, puede ocurrir el siguiente error: ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Seguimiento de llamadas: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 Observamos el problema mientras experiment\u00e1bamos con un controlador de pantalla t\u00e1ctil que usaba el expansor de E/S MCP23017 (I2C). El mapa de reglas en el controlador pinctrl-mcp23s08 usa un mutex para protecci\u00f3n contra accesos concurrentes, que es el valor predeterminado para los mapas de reglas sin .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() llama a regmap_update_bits_base(), y este \u00faltimo bloquea el mutex. Sin embargo, __setup_irq() bloquea el spinlock desc-\u0026gt;lock antes de llamar a estas funciones. Como resultado, el sistema intenta bloquear el mutex que contiene el spinlock. Parece que los bloqueos internos del mapa de reglas no son necesarios en este controlador en absoluto. mcp-\u0026gt;lock parece proteger el mapa de reglas de accesos concurrentes, excepto, probablemente, en mcp_pinconf_get/set. mcp23s08_irq_set_type() y mcp23s08_irq_mask/unmask() se llaman bajo chip_bus_lock(), que llama a mcp23s08_irq_bus_lock(). Este \u00faltimo toma mcp-\u0026gt;lock y habilita el almacenamiento en cach\u00e9 del mapa de reglas, de modo que los accesos I2C potencialmente lentos se posponen hasta chip_bus_unlock(). Los accesos al mapa de reglas desde mcp23s08_probe_one() no necesitan bloqueo adicional. En todos los lugares restantes donde se accede al mapa de reglas, excepto mcp_pinconf_get/set(), el controlador ya toma mcp-\u0026gt;lock. Este parche agrega bloqueo en mcp_pinconf_get/set() y deshabilita el bloqueo interno en la configuraci\u00f3n de regmap. Entre otras cosas, corrige el problema de suspensi\u00f3n en el contexto at\u00f3mico descrito anteriormente."
    }
  ],
  "id": "CVE-2024-57889",
  "lastModified": "2025-01-15T13:15:13.347",
  "metrics": {},
  "published": "2025-01-15T13:15:13.347",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

wid-sec-w-2025-0105

Vulnerability from csaf_certbund

Published

2025-01-15 23:00

Modified

2025-01-15 23:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0105 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0105.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0105 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0105"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-36476",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011531-CVE-2024-36476-b2a1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-39282",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011532-CVE-2024-39282-491b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-53681",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011532-CVE-2024-53681-e199@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-54031",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011532-CVE-2024-54031-f640@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57795",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011533-CVE-2024-57795-e560@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57801",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011533-CVE-2024-57801-6479@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57802",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011533-CVE-2024-57802-c728@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57841",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011534-CVE-2024-57841-751f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57844",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011534-CVE-2024-57844-a3cd@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57857",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011534-CVE-2024-57857-29db@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57882",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011507-CVE-2024-57882-8f05@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57883",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011510-CVE-2024-57883-b603@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57884",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011510-CVE-2024-57884-4cf8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57885",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011510-CVE-2024-57885-ea46@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57886",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011511-CVE-2024-57886-9059@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57887",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011511-CVE-2024-57887-db31@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57888",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011511-CVE-2024-57888-0b38@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57889",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011512-CVE-2024-57889-a2a5@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57890",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011512-CVE-2024-57890-aaf3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57891",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011512-CVE-2024-57891-06ef@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57892",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011513-CVE-2024-57892-6d53@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57893",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011513-CVE-2024-57893-b263@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57894",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011513-CVE-2024-57894-fbfe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57895",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011514-CVE-2024-57895-9034@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57896",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011514-CVE-2024-57896-af67@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57897",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011514-CVE-2024-57897-de29@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57898",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57898-bfde@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57899",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57899-0b1c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57900",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57900-72ad@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57901",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011516-CVE-2024-57901-1f9e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57902",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011516-CVE-2024-57902-7ddb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2024-57903",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011517-CVE-2024-57903-fd2a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-21629",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011517-CVE-2025-21629-e230@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-21630",
        "url": "https://lore.kernel.org/linux-cve-announce/2025011517-CVE-2025-21630-7665@gregkh/"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-01-15T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-16T11:43:17.808+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0105",
      "initial_release_date": "2025-01-15T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-15T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T040361",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36476",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-36476"
    },
    {
      "cve": "CVE-2024-39282",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-39282"
    },
    {
      "cve": "CVE-2024-53681",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-53681"
    },
    {
      "cve": "CVE-2024-54031",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-54031"
    },
    {
      "cve": "CVE-2024-57795",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57795"
    },
    {
      "cve": "CVE-2024-57801",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57801"
    },
    {
      "cve": "CVE-2024-57802",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57802"
    },
    {
      "cve": "CVE-2024-57841",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57841"
    },
    {
      "cve": "CVE-2024-57844",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57844"
    },
    {
      "cve": "CVE-2024-57857",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57857"
    },
    {
      "cve": "CVE-2024-57882",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57882"
    },
    {
      "cve": "CVE-2024-57883",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57883"
    },
    {
      "cve": "CVE-2024-57884",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57884"
    },
    {
      "cve": "CVE-2024-57885",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57885"
    },
    {
      "cve": "CVE-2024-57886",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57886"
    },
    {
      "cve": "CVE-2024-57887",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57887"
    },
    {
      "cve": "CVE-2024-57888",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57888"
    },
    {
      "cve": "CVE-2024-57889",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57889"
    },
    {
      "cve": "CVE-2024-57890",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57890"
    },
    {
      "cve": "CVE-2024-57891",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57891"
    },
    {
      "cve": "CVE-2024-57892",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57892"
    },
    {
      "cve": "CVE-2024-57893",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57893"
    },
    {
      "cve": "CVE-2024-57894",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57894"
    },
    {
      "cve": "CVE-2024-57895",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57895"
    },
    {
      "cve": "CVE-2024-57896",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57896"
    },
    {
      "cve": "CVE-2024-57897",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57897"
    },
    {
      "cve": "CVE-2024-57898",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57898"
    },
    {
      "cve": "CVE-2024-57899",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57899"
    },
    {
      "cve": "CVE-2024-57900",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57900"
    },
    {
      "cve": "CVE-2024-57901",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57901"
    },
    {
      "cve": "CVE-2024-57902",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57902"
    },
    {
      "cve": "CVE-2024-57903",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2024-57903"
    },
    {
      "cve": "CVE-2025-21629",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-21629"
    },
    {
      "cve": "CVE-2025-21630",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux-Kernel bestehen mehrere Schwachstellen aufgrund verschiedener Fehler in der Speicherverwaltung (use after free, null pointer, etc.). Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und m\u00f6glicherweise andere, nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040361"
        ]
      },
      "release_date": "2025-01-15T23:00:00.000+00:00",
      "title": "CVE-2025-21630"
    }
  ]
}

ghsa-5xqg-j6jp-j9g5

Vulnerability from github

Published

2025-01-15 15:31

Modified

2025-01-15 15:31

Details

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen:

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ...

We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C).

The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc.

mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex.

However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex whole holding the spinlock.

It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set.

mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock().

The accesses to the regmap from mcp23s08_probe_one() do not need additional locking.

In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock.

This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-57889"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:13Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n  BUG: sleeping function called from invalid context\n    at kernel/locking/mutex.c:283\n  in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n  preempt_count: 1, expected: 0\n  ...\n  Call Trace:\n  ...\n  __might_resched+0x104/0x10e\n  __might_sleep+0x3e/0x62\n  mutex_lock+0x20/0x4c\n  regmap_lock_mutex+0x10/0x18\n  regmap_update_bits_base+0x2c/0x66\n  mcp23s08_irq_set_type+0x1ae/0x1d6\n  __irq_set_trigger+0x56/0x172\n  __setup_irq+0x1e6/0x646\n  request_threaded_irq+0xb6/0x160\n  ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc-\u003elock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp-\u003elock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp-\u003elock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp-\u003elock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.",
  "id": "GHSA-5xqg-j6jp-j9g5",
  "modified": "2025-01-15T15:31:25Z",
  "published": "2025-01-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57889"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-57889

Vulnerability from cvelistv5

fkie_cve-2024-57889

Vulnerability from fkie_nvd

wid-sec-w-2025-0105

Vulnerability from csaf_certbund

ghsa-5xqg-j6jp-j9g5

Vulnerability from github

Tags

Sightings

Nomenclature