scsi: pm80xx: Set phy->enable_completion only when we wait for it
CVE-2024-47666
Key Information:
- Vendor
- Linux
- Status
- Linux
- Vendor
- CVE Published:
- 9 October 2024
Badges
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: pm80xx: Set phy->enable_completion only when we wait for it
pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7b1d779647afaea9185fa2f150b1721e7c1aae89
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
News Articles
prophaze.comCVE-2024-47666CVE-2024-47666 : LINUX KERNEL UP TO 6.6.50/6.10.9 PM80XX PM8001_PHY_CONTROL STACK-BASED OVERFLOW - Cloud WAF
CVE-2024-47666 : In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns...
3 months ago
References
CVSS V3.1
Timeline
- πΎ
Exploit known to exist
- π°
First article discovered by prophaze.com
Vulnerability published