CVE-2024-27006
thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
The count field in struct trip_stats, representing the number of times
the zone temperature was above the trip point, needs to be incremented
in thermal_debug_tz_trip_up(), for two reasons.
First, if a trip point is crossed on the way up for the first time,
thermal_debug_update_temp() called from update_temperature() does
not see it because it has not been added to trips_crossed[] array
in the thermal zone's struct tz_debugfs object yet. Therefore, when
thermal_debug_tz_trip_up() is called after that, the trip point's
count value is 0, and the attempt to divide by it during the average
temperature computation leads to a divide error which causes the kernel
to crash. Setting the count to 1 before the division by incrementing it
fixes this problem.
Second, if a trip point is crossed on the way up, but it has been
crossed on the way up already before, its count value needs to be
incremented to make a record of the fact that the zone temperature is
above the trip now. Without doing that, if the mitigations applied
after crossing the trip cause the zone temperature to drop below its
threshold, the count will not be updated for this episode at all and
the average temperature in the trip statistics record will be somewhat
higher than it should be.
Cc :6.8+ <stable@vger.kernel.org> # 6.8+
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Thermal/debugfs: agregue el incremento de conteo faltante a Thermal_debug_tz_trip_up() El campo de conteo en la estructura trip_stats, que representa la cantidad de veces que la temperatura de la zona estuvo por encima del punto de disparo, debe incrementarse en Thermal_debug_tz_trip_up(), por dos razones. Primero, si se cruza un punto de viaje en el camino hacia arriba por primera vez, Thermal_debug_update_temp() llamado desde update_temperature() no lo ve porque aún no se ha agregado a la matriz trips_crossed[] en el objeto struct tz_debugfs de la zona térmica. Por lo tanto, cuando se llama a Thermal_debug_tz_trip_up() después de eso, el valor de conteo del punto de disparo es 0, y el intento de dividirlo durante el cálculo de la temperatura promedio conduce a un error de división que provoca que el kernel falle. Establecer el conteo en 1 antes de la división incrementándolo soluciona este problema. En segundo lugar, si se cruza un punto de viaje en el camino hacia arriba, pero ya se ha cruzado en el camino hacia arriba, es necesario incrementar su valor de conteo para registrar el hecho de que la temperatura de la zona está por encima del viaje en este momento. Sin hacer eso, si las mitigaciones aplicadas después de cruzar el viaje hacen que la temperatura de la zona caiga por debajo de su umbral, el conteo no se actualizará para este episodio en absoluto y la temperatura promedio en el registro de estadísticas del viaje será algo mayor de lo que debería ser. . CC :6.8+ # 6.8+
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-05-01 CVE Published
- 2024-05-13 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/7ef01f228c9f54c6260319858be138a8a7e9e704 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/stable/c/9c8215d32e730b597c809a9d2090bf8ec1b79fcf | 2024-04-27 | |
| https://git.kernel.org/stable/c/b552f63cd43735048bbe9bfbb7a9dcfce166fbdd | 2024-04-19 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.8 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.8.8" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.8 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8 < 6.9" | en |
Affected
| ||||||