CVE-2024-44951

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 04/09/2024
Last modified: 09/10/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

serial: sc16is7xx: fix TX fifo corruption

Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on channel A is transmitted on channel B. In other words, the Tx buffer data on channel B is corrupted with data from channel A.

The problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change EFR lock to operate on each channels"), which changed the EFR locking to operate on each channel instead of chip-wise.

This commit has introduced a regression, because the EFR lock is used not only to protect the EFR registers access, but also, in a very obscure and undocumented way, to protect access to the data buffer, which is shared by the Tx and Rx handlers, but also by each channel of the IC.

Fix this regression first by switching to kfifo_out_linear_ptr() in sc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.

Secondly, replace the chip-wise Rx buffer with a separate Rx buffer for each channel.
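The interleaving described above can be replayed deterministically in a small user-space model. This is an added example, not code from the sc16is7xx driver or the fixing commit; the struct layout, the function names (`rx_read`, `tx_stage`, `tx_send`, `replay`) and the sample strings are hypothetical and only mirror the description: one buffer shared chip-wide versus Tx sent straight from the channel's own FIFO plus a per-channel Rx buffer.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SZ 16

/* Simplified model of the bug class, not the sc16is7xx driver's code. */
struct chan {
    char txfifo[BUF_SZ];  /* data queued for transmit on this channel */
    char rxbuf[BUF_SZ];   /* per-channel Rx buffer (second part of the fix) */
    char wire[BUF_SZ];    /* bytes that actually left on the Tx line */
};
struct chip {
    char shared[BUF_SZ];  /* chip-wide buffer used by Rx and Tx of all channels */
    struct chan ch[2];    /* ch[0] = channel A, ch[1] = channel B */
};

/* Rx handler: store bytes read from the hardware Rx FIFO of channel c. */
static void rx_read(struct chip *s, int c, const char *hw, int shared)
{
    strncpy(shared ? s->shared : s->ch[c].rxbuf, hw, BUF_SZ - 1);
}

/* Tx handler, step 1: choose the memory the bytes will be sent from. */
static const char *tx_stage(struct chip *s, int c, int shared)
{
    if (!shared)
        return s->ch[c].txfifo;  /* send straight from the channel's FIFO */
    strncpy(s->shared, s->ch[c].txfifo, BUF_SZ - 1);
    return s->shared;
}

/* Tx handler, step 2: write the staged bytes to the channel's Tx line. */
static void tx_send(struct chip *s, int c, const char *src)
{
    strncpy(s->ch[c].wire, src, BUF_SZ - 1);
}

/* Replay: B stages Tx, A receives, B sends. A per-channel lock does not
 * serialize A against B. Returns 1 if B transmitted something else. */
int replay(int shared)
{
    struct chip s;
    memset(&s, 0, sizeof(s));
    strcpy(s.ch[1].txfifo, "TX-B");        /* constructed sample data */
    const char *src = tx_stage(&s, 1, shared);
    rx_read(&s, 0, "RX-A", shared);        /* constructed sample data */
    tx_send(&s, 1, src);
    return strcmp(s.ch[1].wire, "TX-B") != 0;
}

int main(void) { printf("shared=%d split=%d\n", replay(1), replay(0)); return 0; }
```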

Vulnerable products and versions

CPE                                                 From                  Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.1.76 (including)    6.2 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.6.15 (including)    6.7 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.7.3 (including)     6.8 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.8 (including)       6.10.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*