In the Linux kernel, the following vulnerability has been resolved:
pds_core: Fix pdsc_check_pci_health function to use work thread When the
driver notices fw_status == 0xff it tries to perform a PCI reset on itself
via pci_reset_function() in the context of the driver’s health thread.
However, pdsc_reset_prepare calls pdsc_stop_health_thread(), which attempts
to stop/flush the health thread. This results in a deadlock because the
stop/flush will never complete since the driver called pci_reset_function()
from the health thread context. Fix by changing the
pdsc_check_pci_health_function() to queue a newly introduced
pdsc_pci_reset_thread() on the pdsc’s work queue. Unloading the driver in
the fw_down/dead state uncovered another issue, which can be seen in the
following trace: WARNING: CPU: 51 PID: 6914 at kernel/workqueue.c:1450
__queue_work+0x358/0x440 […] RIP: 0010:__queue_work+0x358/0x440 […]
Call Trace: <TASK> ? __warn+0x85/0x140 ? __queue_work+0x358/0x440 ?
report_bug+0xfc/0x1e0 ? handle_bug+0x3f/0x70 ? exc_invalid_op+0x17/0x70 ?
asm_exc_invalid_op+0x1a/0x20 ? __queue_work+0x358/0x440
queue_work_on+0x28/0x30 pdsc_devcmd_locked+0x96/0xe0 [pds_core]
pdsc_devcmd_reset+0x71/0xb0 [pds_core] pdsc_teardown+0x51/0xe0 [pds_core]
pdsc_remove+0x106/0x200 [pds_core] pci_device_remove+0x37/0xc0
device_release_driver_internal+0xae/0x140 driver_detach+0x48/0x90
bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xa0
pdsc_cleanup_module+0x10/0x780 [pds_core]
__x64_sys_delete_module+0x142/0x2b0 ?
syscall_trace_enter.isra.18+0x126/0x1a0 do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7fbd9d03a14b […] Fix
this by preventing the devcmd reset if the FW is not running.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < 6.8.0-38.38 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1011.12 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1010.10 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < 6.8.0-1010.11 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < 6.8.0-1006.9 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < 6.8.0-1008.8 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-intel | < 6.8.0-1007.14 | UNKNOWN |
git.kernel.org/linus/81665adf25d28a00a986533f1d3a5df76b79cad9 (6.9-rc4)
git.kernel.org/stable/c/38407914d48273d7f8ab765b9243658afe1c3ab6
git.kernel.org/stable/c/81665adf25d28a00a986533f1d3a5df76b79cad9
launchpad.net/bugs/cve/CVE-2024-35968
nvd.nist.gov/vuln/detail/CVE-2024-35968
security-tracker.debian.org/tracker/CVE-2024-35968
ubuntu.com/security/notices/USN-6893-1
ubuntu.com/security/notices/USN-6893-2
ubuntu.com/security/notices/USN-6893-3
ubuntu.com/security/notices/USN-6918-1
www.cve.org/CVERecord?id=CVE-2024-35968