CVE-2024-44950

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 04/09/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: sc16is7xx: fix invalid FIFO access with special register set

When enabling access to the special register set, Receiver time-out and
RHR interrupts can happen. In this case, the IRQ handler will try to read
from the FIFO thru the RHR register at address 0x00, but address 0x00 is
mapped to DLL register, resulting in erroneous FIFO reading.

Call graph example:
    sc16is7xx_startup(): entry
    sc16is7xx_ms_proc(): entry
    sc16is7xx_set_termios(): entry
    sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set
    sc16is7xx_port_irq() entry --> IIR is 0x0C
    sc16is7xx_handle_rx() entry
    sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is
                               mapped to DLL (LCR=LCR_CONF_MODE_A)
    sc16is7xx_set_baud(): exit --> Restore access to general register set

Fix the problem by claiming the efr_lock mutex when accessing the Special
register set.
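
The register aliasing in the call graph above can be reproduced in a small user-space model. This is an added example, not code from the kernel driver: `struct chip`, `read_reg0()`, `irq_handler()`, `set_baud()` and `demo()` are hypothetical names, the mutex is modelled as a plain flag that defers the handler instead of blocking it, the handler is assumed to serialize on that same lock, and only the DLL byte of the divisor is modelled.

```c
/* Simplified user-space model (added example, not the kernel driver's code). */
#include <stdint.h>
#include <stdio.h>
#define LCR_DLAB 0x80 /* special register set selected: address 0x00 is DLL */

struct chip {
    uint8_t lcr, dll, fifo[4];
    int head, irq_pending, rx_byte, lock_held; /* lock_held models efr_lock */
};

/* Read of address 0x00: DLL in the special set, otherwise RHR (pops the FIFO). */
static uint8_t read_reg0(struct chip *c)
{
    return (c->lcr & LCR_DLAB) ? c->dll : c->fifo[c->head++];
}

/* IRQ path: stays pending while the lock is held (a real mutex would block). */
static void irq_handler(struct chip *c)
{
    if (!c->irq_pending || c->lock_held)
        return;
    c->rx_byte = read_reg0(c);
    c->irq_pending = 0;
}

/* Baud-rate update; use_lock = 0 models the unfixed path, 1 the fixed one. */
static int set_baud(struct chip *c, uint16_t div, int use_lock)
{
    uint8_t saved = c->lcr;
    c->lock_held = use_lock;
    c->lcr = LCR_DLAB;          /* open the special register set */
    c->dll = div & 0xff;        /* DLL = 0x9C for divisor 0x009C */
    c->irq_pending = 1;         /* RX interrupt lands inside the window */
    irq_handler(c);             /* reads DLL as data unless the lock defers it */
    c->lcr = saved;             /* restore the general register set */
    c->lock_held = 0;
    irq_handler(c);             /* deferred handler now reads the real FIFO */
    return c->rx_byte;
}

int demo(int use_lock) /* byte the handler sees; the FIFO holds 'A' */
{
    struct chip c = { .lcr = 0x03, .fifo = { 'A' }, .rx_byte = -1 };
    return set_baud(&c, 0x009C, use_lock);
}

int main(void)
{
    printf("no lock: 0x%02X, with lock: 0x%02X\n", demo(0), demo(1));
    return 0;
}
```

Without the lock the handler returns the divisor byte 0x9C as if it were received data; with the lock it returns the queued 'A' (0x41).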

Vulnerable products and versions

CPE                                                  From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         3.16 (including)  6.10.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*