LinuxVULNRICHMENT:CVE-2024-39292CVE-2024-39292 um: Add winch to winch_handlers before registering winch IRQ
In the Linux kernel, the following vulnerability has been resolved:
um: Add winch to winch_handlers before registering winch IRQ
Registering a winch IRQ is racy, an interrupt may occur before the winch is
added to the winch_handlers list.
If that happens, register_winch_irq() adds to that list a winch that is
scheduled to be (or has already been) freed, causing a panic later in
winch_cleanup().
Avoid the race by adding the winch to the winch_handlers list before
registering the IRQ, and rolling back if um_request_irq() fails.
CNA Affected
[
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "42a359e31a0e",
"lessThan": "66ea9a7c6824",
"versionType": "git"
},
{
"status": "affected",
"version": "42a359e31a0e",
"lessThan": "dc1ff95602ee",
"versionType": "git"
},
{
"status": "affected",
"version": "42a359e31a0e",
"lessThan": "351d1a645449",
"versionType": "git"
},
{
"status": "affected",
"version": "42a359e31a0e",
"lessThan": "31960d991e43",
"versionType": "git"
},
{
"status": "affected",
"version": "42a359e31a0e",
"lessThan": "0c02d425a2fb",
"versionType": "git"
},
{
"status": "affected",
"version": "42a359e31a0e",
"lessThan": "434a06c38ee1",
"versionType": "git"
},
{
"status": "affected",
"version": "42a359e31a0e",
"lessThan": "73b8e21f76c7",
"versionType": "git"
},
{
"status": "affected",
"version": "42a359e31a0e",
"lessThan": "a0fbbd36c156",
"versionType": "git"
}
],
"programFiles": [
"arch/um/drivers/line.c"
],
"defaultStatus": "unaffected"
},
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"status": "unaffected",
"version": "0",
"lessThan": "2.6.23",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom",
"lessThanOrEqual": "4.19.*"
},
{
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom",
"lessThanOrEqual": "5.4.*"
},
{
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom",
"lessThanOrEqual": "5.10.*"
},
{
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom",
"lessThanOrEqual": "5.15.*"
},
{
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom",
"lessThanOrEqual": "6.1.*"
},
{
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom",
"lessThanOrEqual": "6.6.*"
},
{
"status": "unaffected",
"version": "6.9.4",
"versionType": "custom",
"lessThanOrEqual": "6.9.*"
},
{
"status": "unaffected",
"version": "6.10-rc1",
"versionType": "original_commit_for_fix",
"lessThanOrEqual": "*"
}
],
"programFiles": [
"arch/um/drivers/line.c"
],
"defaultStatus": "affected"
}
]References
git.kernel.org/stable/c/0c02d425a2fbe52643a5859a779db0329e7dddd4
git.kernel.org/stable/c/31960d991e43c8d6dc07245f19fc13398e90ead2
git.kernel.org/stable/c/351d1a64544944b44732f6a64ed65573b00b9e14
git.kernel.org/stable/c/434a06c38ee1217a8baa0dd7c37cc85d50138fb0
git.kernel.org/stable/c/66ea9a7c6824821476914bed21a476cd20094f33
git.kernel.org/stable/c/73b8e21f76c7dda4905655d2e2c17dc5a73b87f1
git.kernel.org/stable/c/a0fbbd36c156b9f7b2276871d499c9943dfe5101
git.kernel.org/stable/c/dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0
lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Related
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%