2301513 – (CVE-2024-42147) CVE-2024-42147 kernel: crypto: hisilicon/debugfs - Fix debugfs uninit process issue

Bug 2301513 (CVE-2024-42147) - CVE-2024-42147 kernel: crypto: hisilicon/debugfs - Fix debugfs uninit process issue

Summary: CVE-2024-42147 kernel: crypto: hisilicon/debugfs - Fix debugfs uninit process...

Keywords:
Status:	NEW
Alias:	CVE-2024-42147
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2302012
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-30 08:39 UTC by OSIDB Bzimport
Modified:	2024-09-05 16:52 UTC (History)
CC List:	4 users (show)
Fixed In Version:	kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-07-30 08:39:04 UTC

In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/debugfs - Fix debugfs uninit process issue

During the zip probe process, the debugfs failure does not stop
the probe. When debugfs initialization fails, jumping to the
error branch will also release regs, in addition to its own
rollback operation.

As a result, it may be released repeatedly during the regs
uninit process. Therefore, the null check needs to be added to
the regs uninit process.

Comment 1 Mauro Matteo Cascella 2024-07-31 10:47:54 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024073032-CVE-2024-42147-805a@gregkh/T

Comment 2 Mauro Matteo Cascella 2024-07-31 10:48:14 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2302012]

Note You need to log in before you can comment on or make changes to this bug.