CVE-2024-35836

dpll: fix pin dump crash for rebound module

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

dpll: fix pin dump crash for rebound module

When a kernel module is unbound but the pin resources were not entirely
freed (other kernel module instance of the same PCI device have had kept
the reference to that pin), and kernel module is again bound, the pin
properties would not be updated (the properties are only assigned when
memory for the pin is allocated), prop pointer still points to the
kernel module memory of the kernel module which was deallocated on the
unbind.

If the pin dump is invoked in this state, the result is a kernel crash.
Prevent the crash by storing persistent pin properties in dpll subsystem,
copy the content from the kernel module when pin is allocated, instead of
using memory of the kernel module.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: dpll: corregido el fallo del volcado de pin para el módulo de rebote. Cuando un módulo del kernel está desatado pero los recursos del pin no se liberaron por completo (otra instancia del módulo del kernel del mismo dispositivo PCI ha mantenido la referencia a ese pin), y el módulo del kernel está nuevamente vinculado, las propiedades del pin no se actualizarán (las propiedades solo se asignan cuando se asigna memoria para el pin), el puntero de propiedad aún apunta a la memoria del módulo del kernel que fue desasignado en la desvinculación. Si se invoca el volcado de pines en este estado, el resultado es una fallo del kernel. Evite el bloqueo almacenando propiedades de pin persistentes en el subsistema dpll, copie el contenido del módulo del kernel cuando se asigna el pin, en lugar de usar la memoria del módulo del kernel.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/9d71b54b65b1fb6c0d3a6c5c88ba9b915c783fbc	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5050a5b9d8b4d3c6f7e376e07670e437db7ccf9c	2024-02-01
https://git.kernel.org/stable/c/830ead5fb0c5855ce4d70ba2ed4a673b5f1e7d9b	2024-01-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.8"		en		Affected