CVE-2024-50111
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/11/2024
Last modified:
08/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context<br />
<br />
Unaligned access exception can be triggered in irq-enabled context such<br />
as user mode, in this case do_ale() may call get_user() which may cause<br />
sleep. Then we will get:<br />
<br />
BUG: sleeping function called from invalid context at arch/loongarch/kernel/access-helper.h:7<br />
in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 129, name: modprobe<br />
preempt_count: 0, expected: 0<br />
RCU nest depth: 0, expected: 0<br />
CPU: 0 UID: 0 PID: 129 Comm: modprobe Tainted: G W 6.12.0-rc1+ #1723<br />
Tainted: [W]=WARN<br />
Stack : 9000000105e0bd48 0000000000000000 9000000003803944 9000000105e08000<br />
9000000105e0bc70 9000000105e0bc78 0000000000000000 0000000000000000<br />
9000000105e0bc78 0000000000000001 9000000185e0ba07 9000000105e0b890<br />
ffffffffffffffff 9000000105e0bc78 73924b81763be05b 9000000100194500<br />
000000000000020c 000000000000000a 0000000000000000 0000000000000003<br />
00000000000023f0 00000000000e1401 00000000072f8000 0000007ffbb0e260<br />
0000000000000000 0000000000000000 9000000005437650 90000000055d5000<br />
0000000000000000 0000000000000003 0000007ffbb0e1f0 0000000000000000<br />
0000005567b00490 0000000000000000 9000000003803964 0000007ffbb0dfec<br />
00000000000000b0 0000000000000007 0000000000000003 0000000000071c1d<br />
...<br />
Call Trace:<br />
[] show_stack+0x64/0x1a0<br />
[] dump_stack_lvl+0x74/0xb0<br />
[] __might_resched+0x154/0x1a0<br />
[] emulate_load_store_insn+0x6c/0xf60<br />
[] do_ale+0x78/0x180<br />
[] handle_ale+0x128/0x1e0<br />
<br />
So enable IRQ if unaligned access exception is triggered in irq-enabled<br />
context to fix it.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.59 (excluding) | |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.6 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page