In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas: use correct function name for resetting TCE tables The PAPR
spec spells the function name as “ibm,reset-pe-dma-windows” but in practice
firmware uses the singular form: “ibm,reset-pe-dma-window” in the device
tree. Since we have the wrong spelling in the RTAS function table, reverse
lookups (token -> name) fail and warn: unexpected failed lookup for token
86 WARNING: CPU: 1 PID: 545 at arch/powerpc/kernel/rtas.c:659
__do_enter_rtas_trace+0x2a4/0x2b4 CPU: 1 PID: 545 Comm: systemd-udevd Not
tainted 6.8.0-rc4 #30 Hardware name: IBM,9105-22A POWER10 (raw) 0x800200
0xf000006 of:IBM,FW1060.00 (NL1060_028) hv:phyp pSeries NIP
[c0000000000417f0] __do_enter_rtas_trace+0x2a4/0x2b4 LR [c0000000000417ec]
__do_enter_rtas_trace+0x2a0/0x2b4 Call Trace:
__do_enter_rtas_trace+0x2a0/0x2b4 (unreliable) rtas_call+0x1f8/0x3e0
enable_ddw.constprop.0+0x4d0/0xc84 dma_iommu_dma_supported+0xe8/0x24c
dma_set_mask+0x5c/0xd8 mlx5_pci_init.constprop.0+0xf0/0x46c [mlx5_core]
probe_one+0xfc/0x32c [mlx5_core] local_pci_probe+0x68/0x12c
pci_call_probe+0x68/0x1ec pci_device_probe+0xbc/0x1a8
really_probe+0x104/0x570 __driver_probe_device+0xb8/0x224
driver_probe_device+0x54/0x130 __driver_attach+0x158/0x2b0
bus_for_each_dev+0xa8/0x120 driver_attach+0x34/0x48
bus_add_driver+0x174/0x304 driver_register+0x8c/0x1c4
__pci_register_driver+0x68/0x7c mlx5_init+0xb8/0x118 [mlx5_core]
do_one_initcall+0x60/0x388 do_init_module+0x7c/0x2a4
init_module_from_file+0xb4/0x108 idempotent_init_module+0x184/0x34c
sys_finit_module+0x90/0x114 And oopses are possible when lockdep is enabled
or the RTAS tracepoints are active, since those paths dereference the
result of the lookup. Use the correct spelling to match firmware’s
behavior, adjusting the related constants to match.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-hwe-6.5 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-laptop | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux-lowlatency | < any | UNKNOWN |
git.kernel.org/linus/fad87dbd48156ab940538f052f1820f4b6ed2819 (6.8-rc7)
git.kernel.org/stable/c/6b6282d56b14879124416a23837af9bd52ae2dfb
git.kernel.org/stable/c/dd63817baf334888289877ab1db1d866af2a6479
git.kernel.org/stable/c/fad87dbd48156ab940538f052f1820f4b6ed2819
launchpad.net/bugs/cve/CVE-2024-26847
nvd.nist.gov/vuln/detail/CVE-2024-26847
security-tracker.debian.org/tracker/CVE-2024-26847
www.cve.org/CVERecord?id=CVE-2024-26847