Fixed
Created: May 30, 2024
Updated: Jun 4, 2024
Resolved Date: May 30, 2024
Found In Version: 10.23.30.1
Fix Version: 10.23.30.11
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:firewire: ohci: mask bus reset interrupts between ISR and bottom halfIn the FireWire OHCI interrupt handler, if a bus reset interrupt hasoccurred, mask bus reset interrupts until bus_reset_work has serviced andcleared the interrupt.Normally, we always leave bus reset interrupts masked. We infer the busreset from the self-ID interrupt that happens shortly thereafter. Ascenario where we unmask bus reset interrupts was introduced in 2008 ina007bb857e0b26f5d8b73c2ff90782d9c0972620: IfOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, wewill unmask bus reset interrupts so we can log them.irq_handler logs the bus reset interrupt. However, we can't clear the busreset event flag in irq_handler, because we won't service the event untillater. irq_handler exits with the event flag still set. If thecorresponding interrupt is still unmasked, the first bus reset willusually freeze the system due to irq_handler being called again eachtime it exits. This freeze can be reproduced by loading firewire_ohciwith "modprobe firewire_ohci debug=-1" (to enable all debugging output).Apparently there are also some cases where bus_reset_work will get calledsoon enough to clear the event, and operation will continue normally.This freeze was first reported a few months after a007bb85 was committed,but until now it was never fixed. The debug level could safely be setto -1 through sysfs after the module was loaded, but this would beineffectual in logging bus reset interrupts since they were onlyunmasked during initialization.irq_handler will now leave the event flag set but mask bus resetinterrupts, so irq_handler won't be called again and there will be nofreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work willunmask the interrupt after servicing the event, so future interruptswill be caught as desired.As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now beenabled through sysfs in addition to during initial module loading.However, when enabled through sysfs, logging of bus reset interrupts willbe effective only starting with the second bus reset, afterbus_reset_work has executed.
CREATE(Triage):(User=admin) CVE-2024-36950 (https://nvd.nist.gov/vuln/detail/CVE-2024-36950)
