You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
https://nvd.nist.gov
An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
This CVE has been marked Rejected in the CVE List. These CVEs are stored in the NVD, but do not show up in search results by default.
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected].
Title: kernel de Linux
Description: En el kernel de Linux, se resolvió la siguiente vulnerabilidad: plataforma/x86: p2sb: permitir llamadas a p2sb_bar() durante la sonda del dispositivo PCI p2sb_bar() muestra el dispositivo P2SB para obtener recursos del dispositivo. Protege la operación bloqueando pci_rescan_remove_lock para que los rescaneos paralelos no encuentren el dispositivo P2SB. Sin embargo, este bloqueo provoca un interbloqueo cuando /sys/bus/pci/rescan activa la nueva exploración del bus PCI. La nueva exploración bloquea pci_rescan_remove_lock y sondea los dispositivos PCI. Cuando los dispositivos PCI llaman a p2sb_bar() durante la prueba, bloquea pci_rescan_remove_lock nuevamente. De ahí el punto muerto. Para evitar el punto muerto, no bloquee pci_rescan_remove_lock en p2sb_bar(). En su lugar, realice el bloqueo en fs_initcall. Introduzca p2sb_cache_resources() para fs_initcall que obtiene y almacena en caché los recursos de P2SB. En p2sb_bar(), consulte el caché y regrese a la persona que llama. Antes de operar el dispositivo en P2SB DEVFN para caché de recursos, verifique que su clase de dispositivo sea PCI_CLASS_MEMORY_OTHER 0x0580 que definen las especificaciones PCH. Esto evita el funcionamiento inesperado de otros dispositivos en el mismo DEVFN. Probado por Klara Modin
CVE Modified by kernel.org5/23/2024 10:15:09 AM
Action
Type
Old Value
New Value
Changed
Description
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
p2sb_bar() unhides P2SB device to get resources from the device. It
guards the operation by locking pci_rescan_remove_lock so that parallel
rescans do not find the P2SB device. However, this lock causes deadlock
when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan
locks pci_rescan_remove_lock and probes PCI devices. When PCI devices
call p2sb_bar() during probe, it locks pci_rescan_remove_lock again.
Hence the deadlock.
To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar().
Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources()
for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(),
refer the cache and return to the caller.
Before operating the device at P2SB DEVFN for resource cache, check
that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH
specifications define. This avoids unexpected operation to other devices
at the same DEVFN.
Tested-by Klara Modin <[email protected]>
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New CVE Received from kernel.org3/26/2024 2:15:10 PM
Action
Type
Old Value
New Value
Added
Description
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
p2sb_bar() unhides P2SB device to get resources from the device. It
guards the operation by locking pci_rescan_remove_lock so that parallel
rescans do not find the P2SB device. However, this lock causes deadlock
when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan
locks pci_rescan_remove_lock and probes PCI devices. When PCI devices
call p2sb_bar() during probe, it locks pci_rescan_remove_lock again.
Hence the deadlock.
To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar().
Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources()
for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(),
refer the cache and return to the caller.
Before operating the device at P2SB DEVFN for resource cache, check
that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH
specifications define. This avoids unexpected operation to other devices
at the same DEVFN.
Tested-by Klara Modin <[email protected]>
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
