U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-35876

Change History

CVE Translated by kernel.org 5/23/2024 10:15:09 AM

Action Type Old Value New Value
Removed Translation
Title: kernel de Linux
Description: En el kernel de Linux, se resolvió la siguiente vulnerabilidad: x86/mce: asegúrese de tomar mce_sysfs_mutex en set_bank() La modificación de los bits MCA_CTL de un banco MCA que controlan qué tipos de errores se informarán se realiza a través de /sys/devices/system/machinecheck / ??? machinecheck0? ??? bank0? ??? bank1? ??? bank10? ??? bank11 ... nodos sysfs escribiendo la nueva máscara de bits de eventos para habilitar. Cuando se acepta la escritura, el kernel elimina todos los temporizadores actuales y reinicia todos los banks. Hacer eso en paralelo puede llevar a inicializar un temporizador que ya está armado y en la rueda del temporizador, es decir, que ya está en uso: ODEBUG: init active (estado activo 0) objeto: ffff888063a28000 tipo de objeto: timer_list sugerencia: mce_timer_fn+0x0/0x240 arch /x86/kernel/cpu/mce/core.c:2642 ADVERTENCIA: CPU: 0 PID: 8120 en lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514 Solucione eso tomando el mutex sysfs como el resto del código sysfs de MCA lo hace. Reportado por: Yue Sun  Reportado por: xingwei lee 

								
						

CVE Modified by kernel.org 5/23/2024 10:15:09 AM

Action Type Old Value New Value
Changed Description
In the Linux kernel, the following vulnerability has been resolved:

x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()

Modifying a MCA bank's MCA_CTL bits which control which error types to
be reported is done over

  /sys/devices/system/machinecheck/
  ??? machinecheck0
  ?   ??? bank0
  ?   ??? bank1
  ?   ??? bank10
  ?   ??? bank11
  ...

sysfs nodes by writing the new bit mask of events to enable.

When the write is accepted, the kernel deletes all current timers and
reinits all banks.

Doing that in parallel can lead to initializing a timer which is already
armed and in the timer wheel, i.e., in use already:

  ODEBUG: init active (active state 0) object: ffff888063a28000 object
  type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642
  WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514
  debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514

Fix that by grabbing the sysfs mutex as the rest of the MCA sysfs code
does.

Reported by: Yue Sun <samsun1006219@gmail.com>
Reported by: xingwei lee <xrivendell7@gmail.com>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Removed Reference
kernel.org https://git.kernel.org/stable/c/20a915154ccb88da08986ab6c9fc4c1cf6259de2

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/32223b0b60d53f49567fc501f91ca076ae96be6b

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/3ddf944b32f88741c303f0b21459dbb3872b8bc5

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/5a02df3e92470efd589712925b5c722e730276a0

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/976b1b2680fb4c01aaf05a0623288d87619a6c93

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/f5e65b782f3e07324b9a8fa3cdaee422f057c758

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/f860595512ff5c05a29fa4d64169c3fd1186b8cf

								
						

CVE Rejected by kernel.org 5/23/2024 10:15:09 AM

Action Type Old Value New Value