CVE-2024-42253

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42253
In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP based system. * Normal case 0-0022: write register AI|3a {03,02,00,00,01} Input latch P0 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 * Race case 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register *** 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34 Patch
https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904 Patch
https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41 Patch
https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
History

06 Sep 2024, 13:38

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34 - () https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34 - Patch
References () https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904 - () https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904 - Patch
References () https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41 - () https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41 - Patch
References () https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2 - () https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2 - Patch
CWE CWE-667
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.7
CPE cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
First Time Linux linux Kernel
Linux

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gpio: pca953x: corrige la ejecución pca953x_irq_bus_sync_unlock Asegúrese de que se mantenga `i2c_lock' al configurar el bloqueo de interrupción y la máscara en pca953x_irq_bus_sync_unlock() para evitar ejecuciones. El otro sitio de llamada (que no es de sonda) pca953x_gpio_set_multiple() garantiza que el bloqueo se mantenga antes de llamar a pca953x_write_regs(). El problema ocurrió cuando una solicitud corrió contra irq_bus_sync_unlock() aproximadamente una vez por cada mil reinicios en un sistema basado en i.MX8MP. * Caso normal 0-0022: escribir registro AI|3a {03,02,00,00,01} Enclavamiento de entrada P0 0-0022: escribir registro AI|49 {fc,fd,ff,ff,fe} Máscara de interrupción P0 0 -0022: escribir registro AI|08 {ff,00,00,00,00} Salida P3 0-0022: escribir registro AI|12 {fc,00,00,00,00} Configuración P3 * Caso de ejecución 0-0022: escribir registro AI|08 {ff,00,00,00,00} Salida P3 0-0022: escribir registro AI|08 {03,02,00,00,01} *** Registro incorrecto *** 0-0022: escribir registro AI|12 {fc,00,00,00,00} Config P3 0-0022: escribir registro AI|49 {fc,fd,ff,ff,fe} Máscara de interrupción P0

08 Aug 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-08 09:15

Updated : 2024-09-06 13:38

NVD link : CVE-2024-42253

Mitre link : CVE-2024-42253

CVE.ORG link : CVE-2024-42253

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-667

Improper Locking


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024