U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-36950 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008 in a007bb857e0b26f5d8b73c2ff90782d9c0972620: If OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we will unmask bus reset interrupts so we can log them. irq_handler logs the bus reset interrupt. However, we can't clear the bus reset event flag in irq_handler, because we won't service the event until later. irq_handler exits with the event flag still set. If the corresponding interrupt is still unmasked, the first bus reset will usually freeze the system due to irq_handler being called again each time it exits. This freeze can be reproduced by loading firewire_ohci with "modprobe firewire_ohci debug=-1" (to enable all debugging output). Apparently there are also some cases where bus_reset_work will get called soon enough to clear the event, and operation will continue normally. This freeze was first reported a few months after a007bb85 was committed, but until now it was never fixed. The debug level could safely be set to -1 through sysfs after the module was loaded, but this would be ineffectual in logging bus reset interrupts since they were only unmasked during initialization. irq_handler will now leave the event flag set but mask bus reset interrupts, so irq_handler won't be called again and there will be no freeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will unmask the interrupt after servicing the event, so future interrupts will be caught as desired. As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be enabled through sysfs in addition to during initial module loading. However, when enabled through sysfs, logging of bus reset interrupts will be effective only starting with the second bus reset, after bus_reset_work has executed.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec
https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec
https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420
https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420
https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0
https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0
https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d
https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d
https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9
https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9
https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61
https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61
https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130
https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130
https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c
https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Weakness Enumeration

CWE-ID CWE Name Source

Change History

5 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-36950
NVD Published Date:
05/30/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org