CVE-2024-35816
firewire: ohci: prevent leak of left-over IRQ on unbind
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
firewire: ohci: prevent leak of left-over IRQ on unbind
Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ")
also removed the call to free_irq() in pci_remove(), leading to a
leftover irq of devm_request_irq() at pci_disable_msi() in pci_remove()
when unbinding the driver from the device
remove_proc_entry: removing non-empty directory 'irq/136', leaking at
least 'firewire_ohci'
Call Trace:
? remove_proc_entry+0x19c/0x1c0
? __warn+0x81/0x130
? remove_proc_entry+0x19c/0x1c0
? report_bug+0x171/0x1a0
? console_unlock+0x78/0x120
? handle_bug+0x3c/0x80
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? remove_proc_entry+0x19c/0x1c0
unregister_irq_proc+0xf4/0x120
free_desc+0x3d/0xe0
? kfree+0x29f/0x2f0
irq_free_descs+0x47/0x70
msi_domain_free_locked.part.0+0x19d/0x1d0
msi_domain_free_irqs_all_locked+0x81/0xc0
pci_free_msi_irqs+0x12/0x40
pci_disable_msi+0x4c/0x60
pci_remove+0x9d/0xc0 [firewire_ohci
01b483699bebf9cb07a3d69df0aa2bee71db1b26]
pci_device_remove+0x37/0xa0
device_release_driver_internal+0x19f/0x200
unbind_store+0xa1/0xb0
remove irq with devm_free_irq() before pci_disable_msi()
also remove it in fail_msi: of pci_probe() as this would lead to
an identical leak
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: firewire: ohci: evita la fuga de IRQ sobrante al desvincular confirmación5a95f1ded28691e6 ("firewire: ohci: usa devres para IRQ solicitada") también eliminó la llamada a free_irq() en pci_remove (), lo que lleva a un irq sobrante de devm_request_irq() en pci_disable_msi() en pci_remove() al desvincular el controlador del dispositivo remove_proc_entry: eliminando el directorio no vacío 'irq/136', filtrando al menos 'firewire_ohci' Call Trace:? remove_proc_entry+0x19c/0x1c0? __advertir+0x81/0x130 ? remove_proc_entry+0x19c/0x1c0? report_bug+0x171/0x1a0? console_unlock+0x78/0x120? handle_bug+0x3c/0x80? exc_invalid_op+0x17/0x70? asm_exc_invalid_op+0x1a/0x20? remove_proc_entry+0x19c/0x1c0 unregister_irq_proc+0xf4/0x120 free_desc+0x3d/0xe0? kfree+0x29f/0x2f0 irq_free_descs+0x47/0x70 msi_domain_free_locked.part.0+0x19d/0x1d0 msi_domain_free_irqs_all_locked+0x81/0xc0 pci_free_msi_irqs+0x12/0x40 pci_disable_msi+0x4c/0x60 pci_remove+0x9d/0xc0 [firewire_ohci 01b483699bebf9cb07a3d69df0aa2bee71db1b26] pci_device_remove+0x37/0xa0 dispositivo_release_driver_internal+ 0x19f/0x200 unbind_store+0xa1/0xb0 elimina irq con devm_free_irq() antes de pci_disable_msi() también elimínalo en fail_msi: de pci_probe() ya que esto conduciría a una fuga idéntica
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-17 CVE Reserved
- 2024-05-17 CVE Published
- 2024-05-18 EPSS Updated
- 2024-09-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/5a95f1ded28691e69f7d6718c5dcbc149613d431 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.6.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.6.24" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.7.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.7.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.5 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.8" | en |
Affected
| ||||||