Bug 2323907 (CVE-2024-50113) - CVE-2024-50113 kernel: firewire: core: fix invalid port index for parent device
Summary: CVE-2024-50113 kernel: firewire: core: fix invalid port index for parent device
Keywords:
Status: NEW
Alias: CVE-2024-50113
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2324052
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-05 18:01 UTC by OSIDB Bzimport
Modified: 2024-11-05 22:21 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-11-05 18:01:28 UTC 
In the Linux kernel, the following vulnerability has been resolved:

firewire: core: fix invalid port index for parent device

In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for self
ID sequence"), the enumeration over self ID sequence was refactored with
some helper functions with KUnit tests. These helper functions are
guaranteed to work expectedly by the KUnit tests, however their application
includes a mistake to assign invalid value to the index of port connected
to parent device.

This bug affects the case that any extra node devices which has three or
more ports are connected to 1394 OHCI controller. In the case, the path
to update the tree cache could hits WARN_ON(), and gets general protection
fault due to the access to invalid address computed by the invalid value.

This commit fixes the bug to assign correct port index.
Comment 1 Robb Gatica 2024-11-05 21:35:23 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024110555-CVE-2024-50113-fc8e@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.