CVE-2024-36950 (GCVE-0-2024-36950)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2026-05-11 20:17
VLAI?
Title
firewire: ohci: mask bus reset interrupts between ISR and bottom half
Summary
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008 in a007bb857e0b26f5d8b73c2ff90782d9c0972620: If OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we will unmask bus reset interrupts so we can log them. irq_handler logs the bus reset interrupt. However, we can't clear the bus reset event flag in irq_handler, because we won't service the event until later. irq_handler exits with the event flag still set. If the corresponding interrupt is still unmasked, the first bus reset will usually freeze the system due to irq_handler being called again each time it exits. This freeze can be reproduced by loading firewire_ohci with "modprobe firewire_ohci debug=-1" (to enable all debugging output). Apparently there are also some cases where bus_reset_work will get called soon enough to clear the event, and operation will continue normally. This freeze was first reported a few months after a007bb85 was committed, but until now it was never fixed. The debug level could safely be set to -1 through sysfs after the module was loaded, but this would be ineffectual in logging bus reset interrupts since they were only unmasked during initialization. irq_handler will now leave the event flag set but mask bus reset interrupts, so irq_handler won't be called again and there will be no freeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will unmask the interrupt after servicing the event, so future interrupts will be caught as desired. As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be enabled through sysfs in addition to during initial module loading. However, when enabled through sysfs, logging of bus reset interrupts will be effective only starting with the second bus reset, after bus_reset_work has executed.
Severity ?
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < b3948c69d60279fce5b2eeda92a07d66296c8130 (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 31279bbca40d2f40cb3bbb6d538ec9620a645dec (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < fa273f312334246c909475c5868e6daab889cc8c (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 4f9cc355c328fc4f41cbd9c4cd58b235184fa420 (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 6fafe3661712b143d9c69a7322294bd53f559d5d (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 5982887de60c1b84f9c0ca07c835814d07fd1da0 (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 8643332aac0576581cfdf01798ea3e4e0d624b61 (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 752e3c53de0fa3b7d817a83050b6699b8e9c6ec9 (git)
Create a notification for this product.
Linux Linux Affected: 2.6.26
Unaffected: 0 , < 2.6.26 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T15:34:28.122404Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T14:13:44.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/ohci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b3948c69d60279fce5b2eeda92a07d66296c8130",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "31279bbca40d2f40cb3bbb6d538ec9620a645dec",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "fa273f312334246c909475c5868e6daab889cc8c",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "4f9cc355c328fc4f41cbd9c4cd58b235184fa420",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "6fafe3661712b143d9c69a7322294bd53f559d5d",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "5982887de60c1b84f9c0ca07c835814d07fd1da0",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "8643332aac0576581cfdf01798ea3e4e0d624b61",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "752e3c53de0fa3b7d817a83050b6699b8e9c6ec9",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/ohci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.26"
            },
            {
              "lessThan": "2.6.26",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\n\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\ncleared the interrupt.\n\nNormally, we always leave bus reset interrupts masked. We infer the bus\nreset from the self-ID interrupt that happens shortly thereafter. A\nscenario where we unmask bus reset interrupts was introduced in 2008 in\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\nwill unmask bus reset interrupts so we can log them.\n\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\nreset event flag in irq_handler, because we won\u0027t service the event until\nlater. irq_handler exits with the event flag still set. If the\ncorresponding interrupt is still unmasked, the first bus reset will\nusually freeze the system due to irq_handler being called again each\ntime it exits. This freeze can be reproduced by loading firewire_ohci\nwith \"modprobe firewire_ohci debug=-1\" (to enable all debugging output).\nApparently there are also some cases where bus_reset_work will get called\nsoon enough to clear the event, and operation will continue normally.\n\nThis freeze was first reported a few months after a007bb85 was committed,\nbut until now it was never fixed. The debug level could safely be set\nto -1 through sysfs after the module was loaded, but this would be\nineffectual in logging bus reset interrupts since they were only\nunmasked during initialization.\n\nirq_handler will now leave the event flag set but mask bus reset\ninterrupts, so irq_handler won\u0027t be called again and there will be no\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\nunmask the interrupt after servicing the event, so future interrupts\nwill be caught as desired.\n\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\nenabled through sysfs in addition to during initial module loading.\nHowever, when enabled through sysfs, logging of bus reset interrupts will\nbe effective only starting with the second bus reset, after\nbus_reset_work has executed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:17:37.975Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
        },
        {
          "url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
        },
        {
          "url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
        }
      ],
      "title": "firewire: ohci: mask bus reset interrupts between ISR and bottom half",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36950",
    "datePublished": "2024-05-30T15:35:46.262Z",
    "dateReserved": "2024-05-30T15:25:07.079Z",
    "dateUpdated": "2026-05-11T20:17:37.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-36950",
      "date": "2026-05-19",
      "epss": "0.00016",
      "percentile": "0.03571"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\\n\\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\\ncleared the interrupt.\\n\\nNormally, we always leave bus reset interrupts masked. We infer the bus\\nreset from the self-ID interrupt that happens shortly thereafter. A\\nscenario where we unmask bus reset interrupts was introduced in 2008 in\\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\\nwill unmask bus reset interrupts so we can log them.\\n\\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\\nreset event flag in irq_handler, because we won\u0027t service the event until\\nlater. irq_handler exits with the event flag still set. If the\\ncorresponding interrupt is still unmasked, the first bus reset will\\nusually freeze the system due to irq_handler being called again each\\ntime it exits. This freeze can be reproduced by loading firewire_ohci\\nwith \\\"modprobe firewire_ohci debug=-1\\\" (to enable all debugging output).\\nApparently there are also some cases where bus_reset_work will get called\\nsoon enough to clear the event, and operation will continue normally.\\n\\nThis freeze was first reported a few months after a007bb85 was committed,\\nbut until now it was never fixed. The debug level could safely be set\\nto -1 through sysfs after the module was loaded, but this would be\\nineffectual in logging bus reset interrupts since they were only\\nunmasked during initialization.\\n\\nirq_handler will now leave the event flag set but mask bus reset\\ninterrupts, so irq_handler won\u0027t be called again and there will be no\\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\\nunmask the interrupt after servicing the event, so future interrupts\\nwill be caught as desired.\\n\\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\\nenabled through sysfs in addition to during initial module loading.\\nHowever, when enabled through sysfs, logging of bus reset interrupts will\\nbe effective only starting with the second bus reset, after\\nbus_reset_work has executed.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firewire: ohci: enmascara las interrupciones de reinicio del bus entre ISR y la mitad inferior. En el controlador de interrupciones FireWire OHCI, si se ha producido una interrupci\\u00f3n de reinicio del bus, enmascara las interrupciones de reinicio del bus hasta que bus_reset_work haya sido reparado y borrado la interrupci\\u00f3n. Normalmente, siempre dejamos enmascaradas las interrupciones de reinicio del bus. Inferimos el reinicio del bus a partir de la interrupci\\u00f3n de la autoidentificaci\\u00f3n que ocurre poco despu\\u00e9s. En 2008 se introdujo un escenario en el que desenmascaramos las interrupciones de reinicio del bus en a007bb857e0b26f5d8b73c2ff90782d9c0972620: Si OHCI_PARAM_DEBUG_BUSRESETS (8) est\\u00e1 configurado en la m\\u00e1scara de bits del par\\u00e1metro de depuraci\\u00f3n, desenmascararemos las interrupciones de reinicio del bus para poder registrarlas. irq_handler registra la interrupci\\u00f3n de reinicio del bus. Sin embargo, no podemos borrar el indicador de evento de reinicio del bus en irq_handler porque no atenderemos el evento hasta m\\u00e1s tarde. irq_handler sale con el indicador de evento a\\u00fan configurado. Si la interrupci\\u00f3n correspondiente a\\u00fan est\\u00e1 desenmascarada, el primer reinicio del bus generalmente congelar\\u00e1 el sistema debido a que se vuelve a llamar a irq_handler cada vez que sale. Esta congelaci\\u00f3n se puede reproducir cargando firewire_ohci con \\\"modprobe firewire_ohci debug=-1\\\" (para habilitar todos los resultados de depuraci\\u00f3n). Aparentemente, tambi\\u00e9n hay algunos casos en los que se llamar\\u00e1 a bus_reset_work lo suficientemente pronto como para borrar el evento y la operaci\\u00f3n continuar\\u00e1 normalmente. Esta congelaci\\u00f3n se inform\\u00f3 por primera vez unos meses despu\\u00e9s del commit a007bb85, pero hasta ahora nunca se hab\\u00eda solucionado. El nivel de depuraci\\u00f3n podr\\u00eda establecerse de forma segura en -1 a trav\\u00e9s de sysfs despu\\u00e9s de cargar el m\\u00f3dulo, pero esto ser\\u00eda ineficaz para registrar las interrupciones de reinicio del bus ya que s\\u00f3lo se desenmascararon durante la inicializaci\\u00f3n. irq_handler ahora dejar\\u00e1 establecido el indicador de evento pero enmascarar\\u00e1 las interrupciones de reinicio del bus, por lo que no se volver\\u00e1 a llamar a irq_handler y no se congelar\\u00e1. Si OHCI_PARAM_DEBUG_BUSRESETS est\\u00e1 habilitado, bus_reset_work desenmascarar\\u00e1 la interrupci\\u00f3n despu\\u00e9s de atender el evento, por lo que las interrupciones futuras se detectar\\u00e1n seg\\u00fan se desee. Como efecto secundario de este cambio, OHCI_PARAM_DEBUG_BUSRESETS ahora se puede habilitar a trav\\u00e9s de sysfs adem\\u00e1s de durante la carga inicial del m\\u00f3dulo. Sin embargo, cuando se habilita a trav\\u00e9s de sysfs, el registro de interrupciones de reinicio del bus ser\\u00e1 efectivo solo a partir del segundo reinicio del bus, despu\\u00e9s de que se haya ejecutado bus_reset_work.\"}]",
      "id": "CVE-2024-36950",
      "lastModified": "2024-11-21T09:22:53.400",
      "published": "2024-05-30T16:15:18.000",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36950\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-30T16:15:18.000\",\"lastModified\":\"2025-12-17T03:29:40.863\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\\n\\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\\ncleared the interrupt.\\n\\nNormally, we always leave bus reset interrupts masked. We infer the bus\\nreset from the self-ID interrupt that happens shortly thereafter. A\\nscenario where we unmask bus reset interrupts was introduced in 2008 in\\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\\nwill unmask bus reset interrupts so we can log them.\\n\\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\\nreset event flag in irq_handler, because we won\u0027t service the event until\\nlater. irq_handler exits with the event flag still set. If the\\ncorresponding interrupt is still unmasked, the first bus reset will\\nusually freeze the system due to irq_handler being called again each\\ntime it exits. This freeze can be reproduced by loading firewire_ohci\\nwith \\\"modprobe firewire_ohci debug=-1\\\" (to enable all debugging output).\\nApparently there are also some cases where bus_reset_work will get called\\nsoon enough to clear the event, and operation will continue normally.\\n\\nThis freeze was first reported a few months after a007bb85 was committed,\\nbut until now it was never fixed. The debug level could safely be set\\nto -1 through sysfs after the module was loaded, but this would be\\nineffectual in logging bus reset interrupts since they were only\\nunmasked during initialization.\\n\\nirq_handler will now leave the event flag set but mask bus reset\\ninterrupts, so irq_handler won\u0027t be called again and there will be no\\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\\nunmask the interrupt after servicing the event, so future interrupts\\nwill be caught as desired.\\n\\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\\nenabled through sysfs in addition to during initial module loading.\\nHowever, when enabled through sysfs, logging of bus reset interrupts will\\nbe effective only starting with the second bus reset, after\\nbus_reset_work has executed.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firewire: ohci: enmascara las interrupciones de reinicio del bus entre ISR y la mitad inferior. En el controlador de interrupciones FireWire OHCI, si se ha producido una interrupci\u00f3n de reinicio del bus, enmascara las interrupciones de reinicio del bus hasta que bus_reset_work haya sido reparado y borrado la interrupci\u00f3n. Normalmente, siempre dejamos enmascaradas las interrupciones de reinicio del bus. Inferimos el reinicio del bus a partir de la interrupci\u00f3n de la autoidentificaci\u00f3n que ocurre poco despu\u00e9s. En 2008 se introdujo un escenario en el que desenmascaramos las interrupciones de reinicio del bus en a007bb857e0b26f5d8b73c2ff90782d9c0972620: Si OHCI_PARAM_DEBUG_BUSRESETS (8) est\u00e1 configurado en la m\u00e1scara de bits del par\u00e1metro de depuraci\u00f3n, desenmascararemos las interrupciones de reinicio del bus para poder registrarlas. irq_handler registra la interrupci\u00f3n de reinicio del bus. Sin embargo, no podemos borrar el indicador de evento de reinicio del bus en irq_handler porque no atenderemos el evento hasta m\u00e1s tarde. irq_handler sale con el indicador de evento a\u00fan configurado. Si la interrupci\u00f3n correspondiente a\u00fan est\u00e1 desenmascarada, el primer reinicio del bus generalmente congelar\u00e1 el sistema debido a que se vuelve a llamar a irq_handler cada vez que sale. Esta congelaci\u00f3n se puede reproducir cargando firewire_ohci con \\\"modprobe firewire_ohci debug=-1\\\" (para habilitar todos los resultados de depuraci\u00f3n). Aparentemente, tambi\u00e9n hay algunos casos en los que se llamar\u00e1 a bus_reset_work lo suficientemente pronto como para borrar el evento y la operaci\u00f3n continuar\u00e1 normalmente. Esta congelaci\u00f3n se inform\u00f3 por primera vez unos meses despu\u00e9s del commit a007bb85, pero hasta ahora nunca se hab\u00eda solucionado. El nivel de depuraci\u00f3n podr\u00eda establecerse de forma segura en -1 a trav\u00e9s de sysfs despu\u00e9s de cargar el m\u00f3dulo, pero esto ser\u00eda ineficaz para registrar las interrupciones de reinicio del bus ya que s\u00f3lo se desenmascararon durante la inicializaci\u00f3n. irq_handler ahora dejar\u00e1 establecido el indicador de evento pero enmascarar\u00e1 las interrupciones de reinicio del bus, por lo que no se volver\u00e1 a llamar a irq_handler y no se congelar\u00e1. Si OHCI_PARAM_DEBUG_BUSRESETS est\u00e1 habilitado, bus_reset_work desenmascarar\u00e1 la interrupci\u00f3n despu\u00e9s de atender el evento, por lo que las interrupciones futuras se detectar\u00e1n seg\u00fan se desee. Como efecto secundario de este cambio, OHCI_PARAM_DEBUG_BUSRESETS ahora se puede habilitar a trav\u00e9s de sysfs adem\u00e1s de durante la carga inicial del m\u00f3dulo. Sin embargo, cuando se habilita a trav\u00e9s de sysfs, el registro de interrupciones de reinicio del bus ser\u00e1 efectivo solo a partir del segundo reinicio del bus, despu\u00e9s de que se haya ejecutado bus_reset_work.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.19.314\",\"matchCriteriaId\":\"1350A539-B5DC-4612-9B61-E5516FD777D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.276\",\"matchCriteriaId\":\"126C6EEC-8874-4233-AE09-634924FCDDF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.217\",\"matchCriteriaId\":\"AC67C71C-2044-40BA-B590-61E562F69F89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.159\",\"matchCriteriaId\":\"F16678CD-F7C6-4BF6-ABA8-E7600857197B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.91\",\"matchCriteriaId\":\"4F8C886C-75AA-469B-A6A9-12BF1A29C0D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.31\",\"matchCriteriaId\":\"CDDB1F69-36AC-41C1-9192-E7CCEF5FFC00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.8.10\",\"matchCriteriaId\":\"6A6B920C-8D8F-4130-86B4-AD334F4CF2E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"22BEDD49-2C6D-402D-9DBF-6646F6ECD10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T03:43:50.561Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36950\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-04T15:34:28.122404Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-04T15:34:31.682Z\"}}], \"cna\": {\"title\": \"firewire: ohci: mask bus reset interrupts between ISR and bottom half\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"a007bb857e0b26f5d8b73c2ff90782d9c0972620\", \"lessThan\": \"b3948c69d60279fce5b2eeda92a07d66296c8130\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a007bb857e0b26f5d8b73c2ff90782d9c0972620\", \"lessThan\": \"31279bbca40d2f40cb3bbb6d538ec9620a645dec\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a007bb857e0b26f5d8b73c2ff90782d9c0972620\", \"lessThan\": \"fa273f312334246c909475c5868e6daab889cc8c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a007bb857e0b26f5d8b73c2ff90782d9c0972620\", \"lessThan\": \"4f9cc355c328fc4f41cbd9c4cd58b235184fa420\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a007bb857e0b26f5d8b73c2ff90782d9c0972620\", \"lessThan\": \"6fafe3661712b143d9c69a7322294bd53f559d5d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a007bb857e0b26f5d8b73c2ff90782d9c0972620\", \"lessThan\": \"5982887de60c1b84f9c0ca07c835814d07fd1da0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a007bb857e0b26f5d8b73c2ff90782d9c0972620\", \"lessThan\": \"8643332aac0576581cfdf01798ea3e4e0d624b61\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a007bb857e0b26f5d8b73c2ff90782d9c0972620\", \"lessThan\": \"752e3c53de0fa3b7d817a83050b6699b8e9c6ec9\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/firewire/ohci.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.26\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.26\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.314\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.276\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.217\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.159\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.91\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.31\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/firewire/ohci.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130\"}, {\"url\": \"https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec\"}, {\"url\": \"https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c\"}, {\"url\": \"https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420\"}, {\"url\": \"https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d\"}, {\"url\": \"https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0\"}, {\"url\": \"https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61\"}, {\"url\": \"https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\\n\\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\\ncleared the interrupt.\\n\\nNormally, we always leave bus reset interrupts masked. We infer the bus\\nreset from the self-ID interrupt that happens shortly thereafter. A\\nscenario where we unmask bus reset interrupts was introduced in 2008 in\\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\\nwill unmask bus reset interrupts so we can log them.\\n\\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\\nreset event flag in irq_handler, because we won\u0027t service the event until\\nlater. irq_handler exits with the event flag still set. If the\\ncorresponding interrupt is still unmasked, the first bus reset will\\nusually freeze the system due to irq_handler being called again each\\ntime it exits. This freeze can be reproduced by loading firewire_ohci\\nwith \\\"modprobe firewire_ohci debug=-1\\\" (to enable all debugging output).\\nApparently there are also some cases where bus_reset_work will get called\\nsoon enough to clear the event, and operation will continue normally.\\n\\nThis freeze was first reported a few months after a007bb85 was committed,\\nbut until now it was never fixed. The debug level could safely be set\\nto -1 through sysfs after the module was loaded, but this would be\\nineffectual in logging bus reset interrupts since they were only\\nunmasked during initialization.\\n\\nirq_handler will now leave the event flag set but mask bus reset\\ninterrupts, so irq_handler won\u0027t be called again and there will be no\\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\\nunmask the interrupt after servicing the event, so future interrupts\\nwill be caught as desired.\\n\\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\\nenabled through sysfs in addition to during initial module loading.\\nHowever, when enabled through sysfs, logging of bus reset interrupts will\\nbe effective only starting with the second bus reset, after\\nbus_reset_work has executed.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.314\", \"versionStartIncluding\": \"2.6.26\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.276\", \"versionStartIncluding\": \"2.6.26\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.217\", \"versionStartIncluding\": \"2.6.26\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.159\", \"versionStartIncluding\": \"2.6.26\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.91\", \"versionStartIncluding\": \"2.6.26\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.31\", \"versionStartIncluding\": \"2.6.26\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8.10\", \"versionStartIncluding\": \"2.6.26\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9\", \"versionStartIncluding\": \"2.6.26\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-01-05T10:36:28.444Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-36950\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-05T10:36:28.444Z\", \"dateReserved\": \"2024-05-30T15:25:07.079Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-30T15:35:46.262Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.