In the Linux kernel, the following vulnerability has been resolved:
firewire: ohci: prevent leak of left-over IRQ on unbind Commit
5a95f1ded28691e6 (“firewire: ohci: use devres for requested IRQ”) also
removed the call to free_irq() in pci_remove(), leading to a leftover irq
of devm_request_irq() at pci_disable_msi() in pci_remove() when unbinding
the driver from the device remove_proc_entry: removing non-empty directory
‘irq/136’, leaking at least ‘firewire_ohci’ Call Trace: ?
remove_proc_entry+0x19c/0x1c0 ? __warn+0x81/0x130 ?
remove_proc_entry+0x19c/0x1c0 ? report_bug+0x171/0x1a0 ?
console_unlock+0x78/0x120 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20 ? remove_proc_entry+0x19c/0x1c0
unregister_irq_proc+0xf4/0x120 free_desc+0x3d/0xe0 ? kfree+0x29f/0x2f0
irq_free_descs+0x47/0x70 msi_domain_free_locked.part.0+0x19d/0x1d0
msi_domain_free_irqs_all_locked+0x81/0xc0 pci_free_msi_irqs+0x12/0x40
pci_disable_msi+0x4c/0x60 pci_remove+0x9d/0xc0 [firewire_ohci
01b483699bebf9cb07a3d69df0aa2bee71db1b26] pci_device_remove+0x37/0xa0
device_release_driver_internal+0x19f/0x200 unbind_store+0xa1/0xb0 remove
irq with devm_free_irq() before pci_disable_msi() also remove it in
fail_msi: of pci_probe() as this would lead to an identical leak
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/575801663c7dc38f826212b39e3b91a4a8661c33 (6.8)
git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6
git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88
git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33
launchpad.net/bugs/cve/CVE-2024-35816
nvd.nist.gov/vuln/detail/CVE-2024-35816
security-tracker.debian.org/tracker/CVE-2024-35816
www.cve.org/CVERecord?id=CVE-2024-35816