// For flags

CVE-2024-50093

thermal: intel: int340x: processor: Fix warning during module unload

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

thermal: intel: int340x: processor: Fix warning during module unload

The processor_thermal driver uses pcim_device_enable() to enable a PCI
device, which means the device will be automatically disabled on driver
detach. Thus there is no need to call pci_disable_device() again on it.

With recent PCI device resource management improvements, e.g. commit
f748a07a0b64 ("PCI: Remove legacy pcim_release()"), this problem is
exposed and triggers the warining below.

[ 224.010735] proc_thermal_pci 0000:00:04.0: disabling already-disabled device
[ 224.010747] WARNING: CPU: 8 PID: 4442 at drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100
...
[ 224.010844] Call Trace:
[ 224.010845] <TASK>
[ 224.010847] ? show_regs+0x6d/0x80
[ 224.010851] ? __warn+0x8c/0x140
[ 224.010854] ? pci_disable_device+0xe5/0x100
[ 224.010856] ? report_bug+0x1c9/0x1e0
[ 224.010859] ? handle_bug+0x46/0x80
[ 224.010862] ? exc_invalid_op+0x1d/0x80
[ 224.010863] ? asm_exc_invalid_op+0x1f/0x30
[ 224.010867] ? pci_disable_device+0xe5/0x100
[ 224.010869] ? pci_disable_device+0xe5/0x100
[ 224.010871] ? kfree+0x21a/0x2b0
[ 224.010873] pcim_disable_device+0x20/0x30
[ 224.010875] devm_action_release+0x16/0x20
[ 224.010878] release_nodes+0x47/0xc0
[ 224.010880] devres_release_all+0x9f/0xe0
[ 224.010883] device_unbind_cleanup+0x12/0x80
[ 224.010885] device_release_driver_internal+0x1ca/0x210
[ 224.010887] driver_detach+0x4e/0xa0
[ 224.010889] bus_remove_driver+0x6f/0xf0
[ 224.010890] driver_unregister+0x35/0x60
[ 224.010892] pci_unregister_driver+0x44/0x90
[ 224.010894] proc_thermal_pci_driver_exit+0x14/0x5f0 [processor_thermal_device_pci]
...
[ 224.010921] ---[ end trace 0000000000000000 ]---

Remove the excess pci_disable_device() calls.

[ rjw: Subject and changelog edits ]

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thermal: intel: int340x: procesador: Se corrige la advertencia durante la descarga del módulo. El controlador procesador_thermal utiliza pcim_device_enable() para habilitar un dispositivo PCI, lo que significa que el dispositivo se deshabilitará automáticamente al desconectar el controlador. Por lo tanto, no es necesario volver a llamar a pci_disable_device() en él. Con las recientes mejoras en la administración de recursos del dispositivo PCI, por ejemplo, la confirmación f748a07a0b64 ("PCI: Eliminar el legado pcim_release()"), este problema queda expuesto y activa la advertencia siguiente. [ 224.010735] proc_thermal_pci 0000:00:04.0: deshabilitando dispositivo ya deshabilitado [ 224.010747] ADVERTENCIA: CPU: 8 PID: 4442 en drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100 ... [ 224.010844] Seguimiento de llamadas: [ 224.010845] [ 224.010847] ? show_regs+0x6d/0x80 [ 224.010851] ? __warn+0x8c/0x140 [ 224.010854] ? pci_disable_device+0xe5/0x100 [ 224.010856] ? report_bug+0x1c9/0x1e0 [ 224.010859] ? handle_bug+0x46/0x80 [ 224.010862] ? exc_invalid_op+0x1d/0x80 [ 224.010863] ? asm_exc_invalid_op+0x1f/0x30 [ 224.010867] ? pci_disable_device+0xe5/0x100 [ 224.010869] ? pci_disable_device+0xe5/0x100 [ 224.010871] ? kfree+0x21a/0x2b0 [ 224.010873] pcim_disable_device+0x20/0x30 [ 224.010875] devm_action_release+0x16/0x20 [ 224.010878] release_nodes+0x47/0xc0 [ 224.010880] devres_release_all+0x9f/0xe0 [ 224.010883] device_unbind_cleanup+0x12/0x80 [ 224.010885] device_release_driver_internal+0x1ca/0x210 [ 224.010887] driver_detach+0x4e/0xa0 [ 224.010889] bus_remove_driver+0x6f/0xf0 [ 224.010890] driver_unregister+0x35/0x60 [ 224.010892] pci_unregister_driver+0x44/0x90 [ 224.010894] proc_thermal_pci_driver_exit+0x14/0x5f0 [processor_thermal_device_pci] ... [ 224.010921] ---[ fin del seguimiento 000000000000000 ]--- Elimine las llamadas pci_disable_device() en exceso. [ rjw: Asunto y ediciones del registro de cambios ]

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2024-10-21 CVE Reserved
  • 2024-11-05 CVE Published
  • 2024-11-05 CVE Updated
  • 2024-11-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.14 < 5.15.168
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.168"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.14 < 6.1.113
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.1.113"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.14 < 6.6.57
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.6.57"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.14 < 6.11.4
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.11.4"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.14 < 6.12-rc3
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.12-rc3"
en
Affected