CVE-2024-58004

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: intel/ipu6: remove cpu latency qos request on error

Fix cpu latency qos list corruption like below. It happens when we do not remove cpu latency request on error path and free corresponding memory.

[ 30.634378] l7 kernel: list_add corruption. prev->next should be next (ffffffff9645e960), but was 0000000100100001. (prev=ffff8e9e877e20a8). [ 30.634388] l7 kernel: WARNING: CPU: 2 PID: 2008 at lib/list_debug.c:32 __list_add_valid_or_report+0x83/0xa0 <snip> [ 30.634640] l7 kernel: Call Trace: [ 30.634650] l7 kernel: <TASK> [ 30.634659] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634669] l7 kernel: ? __warn.cold+0x93/0xf6 [ 30.634678] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634690] l7 kernel: ? report_bug+0xff/0x140 [ 30.634702] l7 kernel: ? handle_bug+0x58/0x90 [ 30.634712] l7 kernel: ? exc_invalid_op+0x17/0x70 [ 30.634723] l7 kernel: ? asm_exc_invalid_op+0x1a/0x20 [ 30.634733] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634742] l7 kernel: plist_add+0xdd/0x140 [ 30.634754] l7 kernel: pm_qos_update_target+0xa0/0x1f0 [ 30.634764] l7 kernel: cpu_latency_qos_update_request+0x61/0xc0 [ 30.634773] l7 kernel: intel_dp_aux_xfer+0x4c7/0x6e0 [i915 1f824655ed04687c2b0d23dbce759fa785f6d033]

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf50c4ca0a82003b8a542c3332fd292cf1bc355a2 < 1496ec94bd38bdb25ca13b1dd4f8e7a6176ea89daffected
LinuxLinuxf50c4ca0a82003b8a542c3332fd292cf1bc355a2 < 95275736185ecb71dc97a71d8d9d19e4ffb0a9ebaffected
LinuxLinuxf50c4ca0a82003b8a542c3332fd292cf1bc355a2 < facb541ff0805314e0b56e508f7d3cbd07af513caffected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.14 <= 6.12.*unaffected
LinuxLinux6.13.3 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

References