cve-2024-44937
Vulnerability from cvelistv5
Published
2024-08-26 10:11
Modified
2024-12-19 09:18
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: intel-vbtn: Protect ACPI notify handler against recursion
Since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on
all CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may
run on multiple CPU cores racing with themselves.
This race gets hit on Dell Venue 7140 tablets when undocking from
the keyboard, causing the handler to try and register priv->switches_dev
twice, as can be seen from the dev_info() message getting logged twice:
[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event
[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17
[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event
After which things go seriously wrong:
[ 83.861872] sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17'
...
[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don't try to register things with the same name in the same directory.
[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018
...
Protect intel-vbtn notify_handler() from racing with itself with a mutex
to fix this.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:27:41.784213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:06.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/intel/vbtn.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b",
"status": "affected",
"version": "e2ffcda1629012a2c1a3706432bc45fdc899a584",
"versionType": "git"
},
{
"lessThan": "e075c3b13a0a142dcd3151b25d29a24f31b7b640",
"status": "affected",
"version": "e2ffcda1629012a2c1a3706432bc45fdc899a584",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/intel/vbtn.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\n\nSince commit e2ffcda16290 (\"ACPI: OSL: Allow Notify () handlers to run on\nall CPUs\") ACPI notify handlers like the intel-vbtn notify_handler() may\nrun on multiple CPU cores racing with themselves.\n\nThis race gets hit on Dell Venue 7140 tablets when undocking from\nthe keyboard, causing the handler to try and register priv-\u003eswitches_dev\ntwice, as can be seen from the dev_info() message getting logged twice:\n\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\n\nAfter which things go seriously wrong:\n[ 83.861872] sysfs: cannot create duplicate filename \u0027/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\u0027\n...\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\u0027t try to register things with the same name in the same directory.\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\n...\n\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\nto fix this."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:18:29.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b"
},
{
"url": "https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640"
}
],
"title": "platform/x86: intel-vbtn: Protect ACPI notify handler against recursion",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44937",
"datePublished": "2024-08-26T10:11:30.234Z",
"dateReserved": "2024-08-21T05:34:56.664Z",
"dateUpdated": "2024-12-19T09:18:29.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-44937\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-26T11:15:05.753\",\"lastModified\":\"2024-08-27T16:10:11.423\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nplatform/x86: intel-vbtn: Protect ACPI notify handler against recursion\\n\\nSince commit e2ffcda16290 (\\\"ACPI: OSL: Allow Notify () handlers to run on\\nall CPUs\\\") ACPI notify handlers like the intel-vbtn notify_handler() may\\nrun on multiple CPU cores racing with themselves.\\n\\nThis race gets hit on Dell Venue 7140 tablets when undocking from\\nthe keyboard, causing the handler to try and register priv-\u003eswitches_dev\\ntwice, as can be seen from the dev_info() message getting logged twice:\\n\\n[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\\n[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\\n[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event\\n\\nAfter which things go seriously wrong:\\n[ 83.861872] sysfs: cannot create duplicate filename \u0027/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17\u0027\\n...\\n[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don\u0027t try to register things with the same name in the same directory.\\n[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018\\n...\\n\\nProtect intel-vbtn notify_handler() from racing with itself with a mutex\\nto fix this.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: plataforma/x86: intel-vbtn: protege el controlador de notificaci\u00f3n ACPI contra la recursividad desde el commit e2ffcda16290 (\\\"ACPI: OSL: permitir que los controladores Notify () se ejecuten en todas las CPU\\\") Controladores de notificaci\u00f3n ACPI como intel-vbtn notify_handler() puede ejecutarse en m\u00faltiples n\u00facleos de CPU que compiten entre s\u00ed. Esta ejecuci\u00f3n se ve afectada en las tabletas Dell Venue 7140 al desacoplarlas del teclado, lo que hace que el controlador intente registrar priv-\u0026gt;switches_dev dos veces, como se puede ver en el mensaje dev_info() que se registra dos veces: [83.861800] intel-vbtn INT33D6: 00: Registro de conmutadores virtuales Intel input-dev despu\u00e9s de recibir un evento de conmutador [ 83.861858] entrada: Conmutadores virtuales Intel como /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17 [ 83.861865] intel-vbtn INT33D6:00: Registro de conmutadores virtuales Intel input-dev despu\u00e9s de recibir un evento de cambio Despu\u00e9s del cual las cosas van muy mal: [83.861872] sysfs: no se puede crear un nombre de archivo duplicado \u0027/devices/pci0000:00/0000:00:1f .0/PNP0C09:00/INT33D6:00/input/input17\u0027 ... [83.861967] kobject: kobject_add_internal fall\u00f3 para input17 con -EEXIST, no intente registrar cosas con el mismo nombre en el mismo directorio. [83.877338] ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000000018... Proteja intel-vbtn notify_handler() para que no corra consigo mismo con un mutex para solucionar este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.10.5\",\"matchCriteriaId\":\"48E239A0-A959-4FAB-8475-D045FED3DDA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.