Bug 1220336 (CVE-2024-26605)

Summary: VUL-0: CVE-2024-26605: kernel: PCI/ASPM: deadlock when enabling ASPM
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: carlos.lopez, vasant.karasulli
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/395093/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-26605:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-02-26 10:21:33 UTC
In the Linux kernel, the following vulnerability has been resolved:

PCI/ASPM: Fix deadlock when enabling ASPM

The Linux kernel CVE team has assigned CVE-2024-26605 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06@gregkh/T/#u

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26605
https://bugzilla.redhat.com/show_bug.cgi?id=2265831
Comment 1 Carlos López 2024-02-26 10:23:17 UTC
cve/linux-5.14 is affected. SLE15-SP6, stable and master are already fixed.
Comment 3 Jiri Slaby 2024-03-04 11:05:41 UTC
FTR the fix is:
commit 1e560864159d002b453da42bd2c13a1805515a20
Author: Johan Hovold <johan+linaro@kernel.org>
Date:   Tue Jan 30 11:02:43 2024 +0100

    PCI/ASPM: Fix deadlock when enabling ASPM
Comment 4 Jiri Slaby 2024-03-04 11:49:42 UTC
FTR
Fixes: f93e71aea6c6 ("Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"")
from v6.7. Despite cve-5.14 has that, qcom in there does NOT support ASPM (added in 9f4f3dfad8cf (PCI: qcom: Enable ASPM for platforms supporting 1.9.0 ops)).

So:
(In reply to Carlos López from comment #1)
> cve/linux-5.14 is affected.

This is not affected.

> SLE15-SP6, stable

And I added references here.
Comment 5 Carlos López 2024-03-04 12:33:21 UTC
(In reply to Jiri Slaby from comment #4)
> FTR
> Fixes: f93e71aea6c6 ("Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"")
> from v6.7. Despite cve-5.14 has that, qcom in there does NOT support ASPM
> (added in 9f4f3dfad8cf (PCI: qcom: Enable ASPM for platforms supporting
> 1.9.0 ops)).
> 
> So:
> (In reply to Carlos López from comment #1)
> > cve/linux-5.14 is affected.
> 
> This is not affected.

Thanks for checking, I've updated the tracking.
Comment 17 Gabriele Sonnu 2024-06-12 11:54:28 UTC
All done, closing.