CVE-2024-40912
Done
#IACRSL
CVE and security issues
openeuler-ci-bot
owner
Opened this issue
2024-07-13 18:42
I. Vulnerability information

Vulnerability ID: [CVE-2024-40912](https://nvd.nist.gov/vuln/detail/CVE-2024-40912)

Affected component: [kernel](https://gitee.com/src-openeuler/kernel)

Affected versions: 4.19.140, 4.19.194, 4.19.90, 5.10.0, 6.1.0, 6.1.14, 6.1.19, 6.1.5, 6.1.6, 6.1.8, 6.4.0, 6.6.0

CVSS V2.0 score: BaseScore: 0.0 Medium Vector: CVSS:2.0/

Vulnerability summary:

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to synchronize with ieee80211_tx_h_unicast_ps_buf() which is called from softirq context. However using only spin_lock() to get sta->ps_lock in ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to take this same lock ending in deadlock. Below is an example of rcu stall that arises in such situation.

```
rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
Hardware name: RPT (r1) (DT)
pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : queued_spin_lock_slowpath+0x58/0x2d0
lr : invoke_tx_handlers_early+0x5b4/0x5c0
sp : ffff00001ef64660
x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
Call trace:
 queued_spin_lock_slowpath+0x58/0x2d0
 ieee80211_tx+0x80/0x12c
 ieee80211_tx_pending+0x110/0x278
 tasklet_action_common.constprop.0+0x10c/0x144
 tasklet_action+0x20/0x28
 _stext+0x11c/0x284
 ____do_softirq+0xc/0x14
 call_on_irq_stack+0x24/0x34
 do_softirq_own_stack+0x18/0x20
 do_softirq+0x74/0x7c
 __local_bh_enable_ip+0xa0/0xa4
 _ieee80211_wake_txqs+0x3b0/0x4b8
 __ieee80211_wake_queue+0x12c/0x168
 ieee80211_add_pending_skbs+0xec/0x138
 ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
 ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
 ieee80211_mps_sta_status_update+0x18/0x24
 sta_apply_parameters+0x3bc/0x4c0
 ieee80211_change_station+0x1b8/0x2dc
 nl80211_set_station+0x444/0x49c
 genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
 genl_rcv_msg+0x1b0/0x244
 netlink_rcv_skb+0x38/0x10c
 genl_rcv+0x34/0x48
 netlink_unicast+0x254/0x2bc
 netlink_sendmsg+0x190/0x3b4
 ____sys_sendmsg+0x1e8/0x218
 ___sys_sendmsg+0x68/0x8c
 __sys_sendmsg+0x44/0x84
 __arm64_sys_sendmsg+0x20/0x28
 do_el0_svc+0x6c/0xe8
 el0_svc+0x14/0x48
 el0t_64_sync_handler+0xb0/0xb4
 el0t_64_sync+0x14c/0x150
```

Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise on the same CPU that is holding the lock.
Disclosure time: 2024-07-12 21:15:14

Creation time: 2024-07-13 18:42:24

Vulnerability details reference link: https://nvd.nist.gov/vuln/detail/CVE-2024-40912

<details>
<summary>More references (click to expand)</summary>

| Reference source | Reference link | Source link |
| ------- | -------- | -------- |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/28ba44d680a30c51cf485a2f5a3b680e66ed3932 | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/44c06bbde6443de206b30f513100b5670b23fc5e | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/456bbb8a31e425177dc0e8d4f98728a560c20e81 | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/47d176755d5c0baf284eff039560f8c1ba0ea485 | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/9c49b58b9a2bed707e7638576e54c4bccd97b9eb | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/d90bdff79f8e40adf889b5408bfcf521528b169f | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/e51637e0c66a6f72d134d9f95daa47ea62b43c7e | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/e7e916d693dcb5a297f40312600a82475f2e63bc | |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40912 | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-40912 | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/stable/c/28ba44d680a30c51cf485a2f5a3b680e66ed3932 | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/stable/c/44c06bbde6443de206b30f513100b5670b23fc5e | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/stable/c/456bbb8a31e425177dc0e8d4f98728a560c20e81 | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/stable/c/47d176755d5c0baf284eff039560f8c1ba0ea485 | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/stable/c/9c49b58b9a2bed707e7638576e54c4bccd97b9eb | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/stable/c/d90bdff79f8e40adf889b5408bfcf521528b169f | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/stable/c/e51637e0c66a6f72d134d9f95daa47ea62b43c7e | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/stable/c/e7e916d693dcb5a297f40312600a82475f2e63bc | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-40912.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1227790 |
| ubuntu | https://www.cve.org/CVERecord?id=CVE-2024-40912 | https://ubuntu.com/security/CVE-2024-40912 |
| ubuntu | https://git.kernel.org/linus/44c06bbde6443de206b30f513100b5670b23fc5e (6.10-rc3) | https://ubuntu.com/security/CVE-2024-40912 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2024-40912 | https://ubuntu.com/security/CVE-2024-40912 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2024-40912 | https://ubuntu.com/security/CVE-2024-40912 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2024-40912 | https://ubuntu.com/security/CVE-2024-40912 |
| debian | | https://security-tracker.debian.org/tracker/CVE-2024-40912 |
| cve_search | | https://git.kernel.org/stable/c/e51637e0c66a6f72d134d9f95daa47ea62b43c7e |
| cve_search | | https://git.kernel.org/stable/c/28ba44d680a30c51cf485a2f5a3b680e66ed3932 |
| cve_search | | https://git.kernel.org/stable/c/e7e916d693dcb5a297f40312600a82475f2e63bc |
| cve_search | | https://git.kernel.org/stable/c/d90bdff79f8e40adf889b5408bfcf521528b169f |
| cve_search | | https://git.kernel.org/stable/c/9c49b58b9a2bed707e7638576e54c4bccd97b9eb |
| cve_search | | https://git.kernel.org/stable/c/456bbb8a31e425177dc0e8d4f98728a560c20e81 |
| cve_search | | https://git.kernel.org/stable/c/47d176755d5c0baf284eff039560f8c1ba0ea485 |
| cve_search | | https://git.kernel.org/stable/c/44c06bbde6443de206b30f513100b5670b23fc5e |

</details>

Vulnerability analysis guide link: https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

Vulnerability data source: openBrain open-source vulnerability awareness system

Vulnerability patch information:

<details>
<summary>Details (click to expand)</summary>

| Affected package | Fixed version | Fix patch | Patch that introduced the issue | Source |
| ------- | -------- | ------- | -------- | --------- |
| linux | | https://git.kernel.org/linus/44c06bbde6443de206b30f513100b5670b23fc5e | https://git.kernel.org/linus/1d147bfa64293b2723c4fec50922168658e613ba | ubuntu |

</details>

II. Vulnerability analysis feedback

Impact analysis:

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to synchronize with ieee80211_tx_h_unicast_ps_buf() which is called from softirq context. However using only spin_lock() to get sta->ps_lock in ieee80211_sta_ps_deliver_wakeup() does not prevent softirq to execute on this same CPU, to run ieee80211_tx_h_unicast_ps_buf() and try to take this same lock ending in deadlock. Below is an example of rcu stall that arises in such situation.
```
rcu: INFO: rcu_sched self-detected stall on CPU
rcu: 2-....: (42413413 ticks this GP) idle=b154/1/0x4000000000000000 softirq=1763/1765 fqs=21206996
rcu: (t=42586894 jiffies g=2057 q=362405 ncpus=4)
CPU: 2 PID: 719 Comm: wpa_supplicant Tainted: G W 6.4.0-02158-g1b062f552873 #742
Hardware name: RPT (r1) (DT)
pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : queued_spin_lock_slowpath+0x58/0x2d0
lr : invoke_tx_handlers_early+0x5b4/0x5c0
sp : ffff00001ef64660
x29: ffff00001ef64660 x28: ffff000009bc1070 x27: ffff000009bc0ad8
x26: ffff000009bc0900 x25: ffff00001ef647a8 x24: 0000000000000000
x23: ffff000009bc0900 x22: ffff000009bc0900 x21: ffff00000ac0e000
x20: ffff00000a279e00 x19: ffff00001ef646e8 x18: 0000000000000000
x17: ffff800016468000 x16: ffff00001ef608c0 x15: 0010533c93f64f80
x14: 0010395c9faa3946 x13: 0000000000000000 x12: 00000000fa83b2da
x11: 000000012edeceea x10: ffff0000010fbe00 x9 : 0000000000895440
x8 : 000000000010533c x7 : ffff00000ad8b740 x6 : ffff00000c350880
x5 : 0000000000000007 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000001 x0 : ffff00000ac0e0e8
Call trace:
 queued_spin_lock_slowpath+0x58/0x2d0
 ieee80211_tx+0x80/0x12c
 ieee80211_tx_pending+0x110/0x278
 tasklet_action_common.constprop.0+0x10c/0x144
 tasklet_action+0x20/0x28
 _stext+0x11c/0x284
 ____do_softirq+0xc/0x14
 call_on_irq_stack+0x24/0x34
 do_softirq_own_stack+0x18/0x20
 do_softirq+0x74/0x7c
 __local_bh_enable_ip+0xa0/0xa4
 _ieee80211_wake_txqs+0x3b0/0x4b8
 __ieee80211_wake_queue+0x12c/0x168
 ieee80211_add_pending_skbs+0xec/0x138
 ieee80211_sta_ps_deliver_wakeup+0x2a4/0x480
 ieee80211_mps_sta_status_update.part.0+0xd8/0x11c
 ieee80211_mps_sta_status_update+0x18/0x24
 sta_apply_parameters+0x3bc/0x4c0
 ieee80211_change_station+0x1b8/0x2dc
 nl80211_set_station+0x444/0x49c
 genl_family_rcv_msg_doit.isra.0+0xa4/0xfc
 genl_rcv_msg+0x1b0/0x244
 netlink_rcv_skb+0x38/0x10c
 genl_rcv+0x34/0x48
 netlink_unicast+0x254/0x2bc
 netlink_sendmsg+0x190/0x3b4
 ____sys_sendmsg+0x1e8/0x218
 ___sys_sendmsg+0x68/0x8c
 __sys_sendmsg+0x44/0x84
 __arm64_sys_sendmsg+0x20/0x28
 do_el0_svc+0x6c/0xe8
 el0_svc+0x14/0x48
 el0t_64_sync_handler+0xb0/0xb4
 el0t_64_sync+0x14c/0x150
```

Using spin_lock_bh()/spin_unlock_bh() instead prevents softirq to raise on the same CPU that is holding the lock.

The Linux kernel CVE team has assigned CVE-2024-40912 to this issue.

openEuler score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected version check (affected / not affected):

1. openEuler-20.03-LTS-SP4 (4.19.90): affected
2. openEuler-22.03-LTS-SP1 (5.10.0): affected
3. openEuler-22.03-LTS-SP3 (5.10.0): affected
4. openEuler-24.03-LTS (6.6.0): affected
5. openEuler-22.03-LTS-SP4 (5.10.0): not affected
6. master (6.1.0): not affected
7. openEuler-24.03-LTS-Next (6.6.0): not affected

Does the fix involve ABI changes (yes/no):

1. openEuler-20.03-LTS-SP4 (4.19.90): no
2. openEuler-22.03-LTS-SP1 (5.10.0): no
3. openEuler-22.03-LTS-SP3 (5.10.0): no
4. master (6.1.0): no
5. openEuler-24.03-LTS (6.6.0): no
6. openEuler-24.03-LTS-Next (6.6.0): no
7. openEuler-22.03-LTS-SP4 (5.10.0): no

III. Vulnerability fix

Security advisory link: https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1897
Labels
CVE/FIXED
sig/Kernel