CVE-2024-36950

{"id": "CVE-2024-36950", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-05-30T16:15:18.000", "references": [{"url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "tags": ["Third Party Advisory", "Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["Third Party Advisory", "Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\n\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\ncleared the interrupt.\n\nNormally, we always leave bus reset interrupts masked. We infer the bus\nreset from the self-ID interrupt that happens shortly thereafter. A\nscenario where we unmask bus reset interrupts was introduced in 2008 in\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\nwill unmask bus reset interrupts so we can log them.\n\nirq_handler logs the bus reset interrupt. However, we can't clear the bus\nreset event flag in irq_handler, because we won't service the event until\nlater. irq_handler exits with the event flag still set. If the\ncorresponding interrupt is still unmasked, the first bus reset will\nusually freeze the system due to irq_handler being called again each\ntime it exits. This freeze can be reproduced by loading firewire_ohci\nwith \"modprobe firewire_ohci debug=-1\" (to enable all debugging output).\nApparently there are also some cases where bus_reset_work will get called\nsoon enough to clear the event, and operation will continue normally.\n\nThis freeze was first reported a few months after a007bb85 was committed,\nbut until now it was never fixed. The debug level could safely be set\nto -1 through sysfs after the module was loaded, but this would be\nineffectual in logging bus reset interrupts since they were only\nunmasked during initialization.\n\nirq_handler will now leave the event flag set but mask bus reset\ninterrupts, so irq_handler won't be called again and there will be no\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\nunmask the interrupt after servicing the event, so future interrupts\nwill be caught as desired.\n\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\nenabled through sysfs in addition to during initial module loading.\nHowever, when enabled through sysfs, logging of bus reset interrupts will\nbe effective only starting with the second bus reset, after\nbus_reset_work has executed."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firewire: ohci: enmascara las interrupciones de reinicio del bus entre ISR y la mitad inferior. En el controlador de interrupciones FireWire OHCI, si se ha producido una interrupci\u00f3n de reinicio del bus, enmascara las interrupciones de reinicio del bus hasta que bus_reset_work haya sido reparado y borrado la interrupci\u00f3n. Normalmente, siempre dejamos enmascaradas las interrupciones de reinicio del bus. Inferimos el reinicio del bus a partir de la interrupci\u00f3n de la autoidentificaci\u00f3n que ocurre poco despu\u00e9s. En 2008 se introdujo un escenario en el que desenmascaramos las interrupciones de reinicio del bus en a007bb857e0b26f5d8b73c2ff90782d9c0972620: Si OHCI_PARAM_DEBUG_BUSRESETS (8) est\u00e1 configurado en la m\u00e1scara de bits del par\u00e1metro de depuraci\u00f3n, desenmascararemos las interrupciones de reinicio del bus para poder registrarlas. irq_handler registra la interrupci\u00f3n de reinicio del bus. Sin embargo, no podemos borrar el indicador de evento de reinicio del bus en irq_handler porque no atenderemos el evento hasta m\u00e1s tarde. irq_handler sale con el indicador de evento a\u00fan configurado. Si la interrupci\u00f3n correspondiente a\u00fan est\u00e1 desenmascarada, el primer reinicio del bus generalmente congelar\u00e1 el sistema debido a que se vuelve a llamar a irq_handler cada vez que sale. Esta congelaci\u00f3n se puede reproducir cargando firewire_ohci con \"modprobe firewire_ohci debug=-1\" (para habilitar todos los resultados de depuraci\u00f3n). Aparentemente, tambi\u00e9n hay algunos casos en los que se llamar\u00e1 a bus_reset_work lo suficientemente pronto como para borrar el evento y la operaci\u00f3n continuar\u00e1 normalmente. Esta congelaci\u00f3n se inform\u00f3 por primera vez unos meses despu\u00e9s del commit a007bb85, pero hasta ahora nunca se hab\u00eda solucionado. El nivel de depuraci\u00f3n podr\u00eda establecerse de forma segura en -1 a trav\u00e9s de sysfs despu\u00e9s de cargar el m\u00f3dulo, pero esto ser\u00eda ineficaz para registrar las interrupciones de reinicio del bus ya que s\u00f3lo se desenmascararon durante la inicializaci\u00f3n. irq_handler ahora dejar\u00e1 establecido el indicador de evento pero enmascarar\u00e1 las interrupciones de reinicio del bus, por lo que no se volver\u00e1 a llamar a irq_handler y no se congelar\u00e1. Si OHCI_PARAM_DEBUG_BUSRESETS est\u00e1 habilitado, bus_reset_work desenmascarar\u00e1 la interrupci\u00f3n despu\u00e9s de atender el evento, por lo que las interrupciones futuras se detectar\u00e1n seg\u00fan se desee. Como efecto secundario de este cambio, OHCI_PARAM_DEBUG_BUSRESETS ahora se puede habilitar a trav\u00e9s de sysfs adem\u00e1s de durante la carga inicial del m\u00f3dulo. Sin embargo, cuando se habilita a trav\u00e9s de sysfs, el registro de interrupciones de reinicio del bus ser\u00e1 efectivo solo a partir del segundo reinicio del bus, despu\u00e9s de que se haya ejecutado bus_reset_work."}], "lastModified": "2025-12-17T03:29:40.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1350A539-B5DC-4612-9B61-E5516FD777D5", "versionEndExcluding": "4.19.314"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "126C6EEC-8874-4233-AE09-634924FCDDF4", "versionEndExcluding": "5.4.276", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC67C71C-2044-40BA-B590-61E562F69F89", "versionEndExcluding": "5.10.217", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16678CD-F7C6-4BF6-ABA8-E7600857197B", "versionEndExcluding": "5.15.159", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F8C886C-75AA-469B-A6A9-12BF1A29C0D5", "versionEndExcluding": "6.1.91", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDDB1F69-36AC-41C1-9192-E7CCEF5FFC00", "versionEndExcluding": "6.6.31", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3", "versionEndExcluding": "6.8.10", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}