CVE-2024-40904

CVE-2024-40904

Título es
CVE-2024-40904

Vie, 12/07/2024 – 13:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-40904

Descripción en
In the Linux kernel, the following vulnerability has been resolved:

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

The syzbot fuzzer found that the interrupt-URB completion callback in
the cdc-wdm driver was taking too long, and the driver's immediate
resubmission of interrupt URBs with -EPROTO status combined with the
dummy-hcd emulation to cause a CPU lockup:

cdc_wdm 1-1:1.0: nonzero urb status received: -71
cdc_wdm 1-1:1.0: wdm_int_callback – 0 bytes
watchdog: BUG: soft lockup – CPU#0 stuck for 26s! [syz-executor782:6625]
CPU#0 Utilization every 4s during lockup:
#1: 98% system, 0% softirq, 3% hardirq, 0% idle
#2: 98% system, 0% softirq, 3% hardirq, 0% idle
#3: 98% system, 0% softirq, 3% hardirq, 0% idle
#4: 98% system, 0% softirq, 3% hardirq, 0% idle
#5: 98% system, 1% softirq, 3% hardirq, 0% idle
Modules linked in:
irq event stamp: 73096
hardirqs last enabled at (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline]
hardirqs last enabled at (73095): [] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
hardirqs last disabled at (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last enabled at (73048): [] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last enabled at (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
softirqs last disabled at (73043): [] __do_softirq+0x14/0x20 kernel/softirq.c:588
CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024

Testing showed that the problem did not occur if the two error
messages — the first two lines above — were removed; apparently adding
material to the kernel log takes a surprisingly large amount of time.

In any case, the best approach for preventing these lockups and to
avoid spamming the log with thousands of error messages per second is
to ratelimit the two dev_err() calls. Therefore we replace them with
dev_err_ratelimited().

12/07/2024
12/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94

  • https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28

  • https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56

  • https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46

  • https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879

  • https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a

  • https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c

  • https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c

    • Enviar en el boletín
    Off

    Jose Alexis Correa Valencia

    Consultor de sistemas informáticos avanzados con más de 25 años de experiencia en el sector privado. Su carrera se ha enfocado en el análisis y diseño de sistemas, la instalación y configuración de hardware y software, así como en la administración de redes para diversas empresas. Además, ha tenido el privilegio de ser capacitador en temáticas avanzadas, especializándose en el manejo de datos en línea, la seguridad de transacciones y los multimedios.

    Ver todas las entradas