U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-26650

Change History

CVE Translated by kernel.org 5/23/2024 10:15:09 AM

Action Type Old Value New Value
Removed Translation
Title: kernel de Linux
Description: En el kernel de Linux, se resolvió la siguiente vulnerabilidad: plataforma/x86: p2sb: permitir llamadas a p2sb_bar() durante la sonda del dispositivo PCI p2sb_bar() muestra el dispositivo P2SB para obtener recursos del dispositivo. Protege la operación bloqueando pci_rescan_remove_lock para que los rescaneos paralelos no encuentren el dispositivo P2SB. Sin embargo, este bloqueo provoca un interbloqueo cuando /sys/bus/pci/rescan activa la nueva exploración del bus PCI. La nueva exploración bloquea pci_rescan_remove_lock y sondea los dispositivos PCI. Cuando los dispositivos PCI llaman a p2sb_bar() durante la prueba, bloquea pci_rescan_remove_lock nuevamente. De ahí el punto muerto. Para evitar el punto muerto, no bloquee pci_rescan_remove_lock en p2sb_bar(). En su lugar, realice el bloqueo en fs_initcall. Introduzca p2sb_cache_resources() para fs_initcall que obtiene y almacena en caché los recursos de P2SB. En p2sb_bar(), consulte el caché y regrese a la persona que llama. Antes de operar el dispositivo en P2SB DEVFN para caché de recursos, verifique que su clase de dispositivo sea PCI_CLASS_MEMORY_OTHER 0x0580 que definen las especificaciones PCH. Esto evita el funcionamiento inesperado de otros dispositivos en el mismo DEVFN. Probado por Klara Modin 

								
						

CVE Modified by kernel.org 5/23/2024 10:15:09 AM

Action Type Old Value New Value
Changed Description
In the Linux kernel, the following vulnerability has been resolved:

platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe

p2sb_bar() unhides P2SB device to get resources from the device. It
guards the operation by locking pci_rescan_remove_lock so that parallel
rescans do not find the P2SB device. However, this lock causes deadlock
when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan
locks pci_rescan_remove_lock and probes PCI devices. When PCI devices
call p2sb_bar() during probe, it locks pci_rescan_remove_lock again.
Hence the deadlock.

To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar().
Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources()
for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(),
refer the cache and return to the caller.

Before operating the device at P2SB DEVFN for resource cache, check
that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH
specifications define. This avoids unexpected operation to other devices
at the same DEVFN.

Tested-by Klara Modin <klarasmodin@gmail.com>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Removed Reference
kernel.org https://git.kernel.org/stable/c/2841631a03652f32b595c563695d0461072e0de4

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/847e1eb30e269a094da046c08273abe3f3361cf2

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/d281ac9a987c553d93211b90fd4fe97d8eca32cd

								
						

CVE Rejected by kernel.org 5/23/2024 10:15:09 AM

Action Type Old Value New Value