CVE - CVE-2024-26650

CVE-ID
CVE-2024-26650	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe p2sb_bar() unhides P2SB device to get resources from the device. It guards the operation by locking pci_rescan_remove_lock so that parallel rescans do not find the P2SB device. However, this lock causes deadlock when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan locks pci_rescan_remove_lock and probes PCI devices. When PCI devices call p2sb_bar() during probe, it locks pci_rescan_remove_lock again. Hence the deadlock. To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar(). Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources() for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(), refer the cache and return to the caller. Before operating the device at P2SB DEVFN for resource cache, check that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH specifications define. This avoids unexpected operation to other devices at the same DEVFN. Tested-by Klara Modin <klarasmodin@gmail.com>
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/2841631a03652f32b595c563695d0461072e0de4 URL:https://git.kernel.org/stable/c/2841631a03652f32b595c563695d0461072e0de4 MISC:https://git.kernel.org/stable/c/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b URL:https://git.kernel.org/stable/c/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b MISC:https://git.kernel.org/stable/c/847e1eb30e269a094da046c08273abe3f3361cf2 URL:https://git.kernel.org/stable/c/847e1eb30e269a094da046c08273abe3f3361cf2 MISC:https://git.kernel.org/stable/c/d281ac9a987c553d93211b90fd4fe97d8eca32cd URL:https://git.kernel.org/stable/c/d281ac9a987c553d93211b90fd4fe97d8eca32cd
Assigning CNA
kernel.org
Date Record Created
20240219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)