Bug 2265831 (CVE-2024-26605)

Summary: CVE-2024-26605 kernel: PCI/ASPM: Fix deadlock when enabling ASPM
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 6.8-rc3 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel, where a deadlock scenario was triggered when enabling Active State Power Management (ASPM) during the probe of Qualcomm PCIe controllers. This deadlock was identified by lockdep and stemmed from a recursive locking scenario. This issue occurred when a task attempted to acquire a lock already held by another task, leading to a deadlock situation. The deadlock could be reproduced on certain machines, such as the Lenovo ThinkPad X13s, by intentionally delaying operations to increase the race window during asynchronous probes, allowing another thread to take a write lock.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2265832    
Bug Blocks: 2267044    

Description Mauro Matteo Cascella 2024-02-24 17:18:12 UTC 
In the Linux kernel, the following vulnerability has been resolved:

PCI/ASPM: Fix deadlock when enabling ASPM

The Linux kernel CVE team has assigned CVE-2024-26605 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06@gregkh/T/#u
Comment 1 Mauro Matteo Cascella 2024-02-24 17:28:18 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2265832]
Comment 3 Justin M. Forbes 2024-02-26 23:51:02 UTC 
This was fixed for Fedora with the 6.7.5 stable kernel update.
Comment 5 Alex 2024-06-09 13:18:29 UTC 
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-26605 is: 	SKIP	The Fixes patch not applied yet, so unlikely that actual: f93e71aea6c60ebff8adbd8941e678302d377869	YES			NO	YES	unknown (where first YES/NO value means if related sources built).
Comment 6 errata-xmlrpc 2024-11-12 09:18:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315