GHSA-FXCG-HV47-5Q4M
Vulnerability from github – Published: 2024-03-26 18:32 – Updated: 2024-03-26 18:32In the Linux kernel, the following vulnerability has been resolved:
platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
p2sb_bar() unhides P2SB device to get resources from the device. It guards the operation by locking pci_rescan_remove_lock so that parallel rescans do not find the P2SB device. However, this lock causes deadlock when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan locks pci_rescan_remove_lock and probes PCI devices. When PCI devices call p2sb_bar() during probe, it locks pci_rescan_remove_lock again. Hence the deadlock.
To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar(). Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources() for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(), refer the cache and return to the caller.
Before operating the device at P2SB DEVFN for resource cache, check that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH specifications define. This avoids unexpected operation to other devices at the same DEVFN.
Tested-by Klara Modin klarasmodin@gmail.com
{
"affected": [],
"aliases": [
"CVE-2024-26650"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-26T18:15:10Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe\n\np2sb_bar() unhides P2SB device to get resources from the device. It\nguards the operation by locking pci_rescan_remove_lock so that parallel\nrescans do not find the P2SB device. However, this lock causes deadlock\nwhen PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan\nlocks pci_rescan_remove_lock and probes PCI devices. When PCI devices\ncall p2sb_bar() during probe, it locks pci_rescan_remove_lock again.\nHence the deadlock.\n\nTo avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar().\nInstead, do the lock at fs_initcall. Introduce p2sb_cache_resources()\nfor fs_initcall which gets and caches the P2SB resources. At p2sb_bar(),\nrefer the cache and return to the caller.\n\nBefore operating the device at P2SB DEVFN for resource cache, check\nthat its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH\nspecifications define. This avoids unexpected operation to other devices\nat the same DEVFN.\n\nTested-by Klara Modin \u003cklarasmodin@gmail.com\u003e",
"id": "GHSA-fxcg-hv47-5q4m",
"modified": "2024-03-26T18:32:07Z",
"published": "2024-03-26T18:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26650"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2841631a03652f32b595c563695d0461072e0de4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/847e1eb30e269a094da046c08273abe3f3361cf2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d281ac9a987c553d93211b90fd4fe97d8eca32cd"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.