2327347 – (CVE-2024-53064) CVE-2024-53064 kernel: idpf: fix idpf_vc_core_init error path

Bug 2327347 (CVE-2024-53064) - CVE-2024-53064 kernel: idpf: fix idpf_vc_core_init error path

Summary: CVE-2024-53064 kernel: idpf: fix idpf_vc_core_init error path

Keywords:
Status:	NEW
Alias:	CVE-2024-53064
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2327474
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-19 18:02 UTC by OSIDB Bzimport
Modified:	2024-12-18 03:47 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-11-19 18:02:15 UTC

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix idpf_vc_core_init error path

In an event where the platform running the device control plane
is rebooted, reset is detected on the driver. It releases
all the resources and waits for the reset to complete. Once the
reset is done, it tries to build the resources back. At this
time if the device control plane is not yet started, then
the driver timeouts on the virtchnl message and retries to
establish the mailbox again.

In the retry flow, mailbox is deinitialized but the mailbox
workqueue is still alive and polling for the mailbox message.
This results in accessing the released control queue leading to
null-ptr-deref. Fix it by unrolling the work queue cancellation
and mailbox deinitialization in the reverse order which they got
initialized.

Comment 1 Robb Gatica 2024-11-19 21:17:17 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024111932-CVE-2024-53064-119c@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.