FKIE_CVE-2024-26933

Vulnerability from fkie_nvd - Published: 2024-05-01 06:15 - Updated: 2025-03-07 20:29
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration: Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be removed, and device_del() waits until all outstanding sysfs attribute callbacks for the ports have returned. The lock can't be released until then. But the disable_show() or disable_store() routine can't return until after it has acquired the lock. The resulting deadlock can be avoided by calling sysfs_break_active_protection(). This will cause the sysfs core not to wait for the attribute's callback routine to return, allowing the removal to proceed. The disadvantage is that after making this call, there is no guarantee that the hub structure won't be deallocated at any moment. To prevent this, we have to acquire a reference to it first by calling hub_get().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95cPatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF9CBC6-E902-43D6-AB1E-CACD72D802E1",
              "versionEndExcluding": "6.1.84",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8018C1D0-0A5F-48D0-BC72-A2B33FDDA693",
              "versionEndExcluding": "6.6.24",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53",
              "versionEndExcluding": "6.7.12",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02",
              "versionEndExcluding": "6.8.3",
              "versionStartIncluding": "6.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix deadlock in port \"disable\" sysfs attribute\n\nThe show and store callback routines for the \"disable\" sysfs attribute\nfile in port.c acquire the device lock for the port\u0027s parent hub\ndevice.  This can cause problems if another process has locked the hub\nto remove it or change its configuration:\n\n\tRemoving the hub or changing its configuration requires the\n\thub interface to be removed, which requires the port device\n\tto be removed, and device_del() waits until all outstanding\n\tsysfs attribute callbacks for the ports have returned.  The\n\tlock can\u0027t be released until then.\n\n\tBut the disable_show() or disable_store() routine can\u0027t return\n\tuntil after it has acquired the lock.\n\nThe resulting deadlock can be avoided by calling\nsysfs_break_active_protection().  This will cause the sysfs core not\nto wait for the attribute\u0027s callback routine to return, allowing the\nremoval to proceed.  The disadvantage is that after making this call,\nthere is no guarantee that the hub structure won\u0027t be deallocated at\nany moment.  To prevent this, we have to acquire a reference to it\nfirst by calling hub_get()."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: core: corrige el punto muerto en el atributo sysfs \"disable\" del puerto. Las rutinas de devoluci\u00f3n de llamada para mostrar y almacenar para el archivo del atributo sysfs \"disable\" en port.c adquieren el bloqueo del dispositivo para el puerto. dispositivo central principal. Esto puede causar problemas si otro proceso ha bloqueado el concentrador para eliminarlo o cambiar su configuraci\u00f3n: Quitar el concentrador o cambiar su configuraci\u00f3n requiere que se elimine la interfaz del concentrador, lo que requiere que se elimine el dispositivo del puerto, y device_del() espera hasta que todo Se han devuelto devoluciones de llamadas de atributos sysfs pendientes para los puertos. El bloqueo no podr\u00e1 desbloquearse hasta entonces. Pero la rutina enable_show() o enable_store() no puede regresar hasta que haya adquirido el bloqueo. El punto muerto resultante se puede evitar llamando a sysfs_break_active_protection(). Esto har\u00e1 que el n\u00facleo de sysfs no espere a que regrese la rutina de devoluci\u00f3n de llamada del atributo, lo que permitir\u00e1 que contin\u00fae la eliminaci\u00f3n. La desventaja es que despu\u00e9s de realizar esta llamada, no hay garant\u00eda de que la estructura del centro no se desasignar\u00e1 en ning\u00fan momento. Para evitar esto, primero debemos adquirir una referencia llamando a hub_get()."
    }
  ],
  "id": "CVE-2024-26933",
  "lastModified": "2025-03-07T20:29:52.187",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-01T06:15:07.930",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.