2294222 – (CVE-2024-39292) CVE-2024-39292 kernel: um: Add winch to winch_handlers before registering winch IRQ

Bug 2294222 (CVE-2024-39292) - CVE-2024-39292 kernel: um: Add winch to winch_handlers before registering winch IRQ

Summary: CVE-2024-39292 kernel: um: Add winch to winch_handlers before registering win...

Keywords:
Status:	NEW
Alias:	CVE-2024-39292
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2294214
TreeView+	depends on / blocked

Reported:	2024-06-25 13:37 UTC by Avinash Hanwate
Modified:	2024-09-18 17:58 UTC (History)
CC List:	5 users (show)
Fixed In Version:	kernel 4.19.316, kernel 5.4.278, kernel 5.10.219, kernel 5.15.161, kernel 6.1.93, kernel 6.6.33, kernel 6.9.4, kernel 6.10-rc1
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the Linux kernel's handling of winch IRQs. This issue involves the registration of winch IRQs before adding winch handlers to the winch_handlers list. This oversight could potentially lead to improper IRQ handling and impact system stability or security. This issue has been resolved by ensuring that winch handlers are added to the list before the IRQs are registered.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Avinash Hanwate 2024-06-25 13:37:37 UTC

In the Linux kernel, the following vulnerability has been resolved:

um: Add winch to winch_handlers before registering winch IRQ

The Linux kernel CVE team has assigned CVE-2024-39292 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024062432-CVE-2024-39292-e5c2@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.