一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

| cve_search | | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 |

| cve_search | | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de |

| cve_search | | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 |

| cve_search | | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 |

| cve_search | | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

| ubuntu | https://www.cve.org/CVERecord?id=CVE-2024-35938 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 (6.9-rc1) | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2024-35938 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://launchpad.net/bugs/cve/CVE-2024-35938 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://security-tracker.debian.org/tracker/CVE-2024-35938 | https://ubuntu.com/security/CVE-2024-35938 |

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35938.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| ubuntu | https://www.cve.org/CVERecord?id=CVE-2024-35938 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 (6.9-rc1) | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2024-35938 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://launchpad.net/bugs/cve/CVE-2024-35938 | https://ubuntu.com/security/CVE-2024-35938 |

| ubuntu | https://security-tracker.debian.org/tracker/CVE-2024-35938 | https://ubuntu.com/security/CVE-2024-35938 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-35938 |

| cve_search | | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 |

| cve_search | | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de |

| cve_search | | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 |

| cve_search | | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 |

| cve_search | | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| linux | | https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35938.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35938.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35938-0100@gregkh/T | https://bugzilla.redhat.com/show_bug.cgi?id=2281819 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| linux | | https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35938.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35938-0100@gregkh/T | https://bugzilla.redhat.com/show_bug.cgi?id=2281819 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| linux | | https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35938.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35938-0100@gregkh/T | https://bugzilla.redhat.com/show_bug.cgi?id=2281819 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| linux | | https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

一、漏洞信息

漏洞编号：[CVE-2024-35938](https://nvd.nist.gov/vuln/detail/CVE-2024-35938)

漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)

漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0

CVSS V2.0分值：

BaseScore：0.0 Low

Vector：CVSS：2.0/

漏洞简述：

In the Linux kernel, the following vulnerability has been resolved:wifi: ath11k: decrease MHI channel buffer length to 8KBCurrently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenarios where systemmemory is highly fragmented and memory compaction or reclaim isnot allowed.There is a fail report which is caused by it:kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfcebWorkqueue: events_unbound async_run_entry_fnCall Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK>Actually those buffers are used only by QMI target -> host communication.And for WCN6855 and QCA6390, the largest packet size for that is lessthan 6KB. So change buf_len field to 8KB, which results in order 1allocation if page size is 4KB. In this way, we can at least save somememory, and as well as decrease the possibility of allocation failurein those scenarios.Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

漏洞公开时间：2024-05-19 19:15:49

漏洞创建时间：2024-05-19 20:30:42

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-35938

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | |

| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-35938 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1 | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35938.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1224643 |

| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35938-0100@gregkh/T | https://bugzilla.redhat.com/show_bug.cgi?id=2281819 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 |

| ------- | -------- | ------- | -------- | --------- |

| linux | | https://git.kernel.org/linus/1cca1bddf9ef080503c15378cecf4877f7510015 | https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | ubuntu |

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：

1.master(6.1.0):

2.openEuler-20.03-LTS-SP1(4.19.90):

3.openEuler-20.03-LTS-SP4(4.19.90):

4.openEuler-22.03-LTS(5.10.0):

5.openEuler-22.03-LTS-Next(5.10.0):

6.openEuler-22.03-LTS-SP1(5.10.0):

7.openEuler-22.03-LTS-SP2(5.10.0):

8.openEuler-22.03-LTS-SP3(5.10.0):

9.openEuler-22.03-LTS-SP4:

10.openEuler-24.03-LTS:

11.openEuler-24.03-LTS-Next: