Bug 1223632 (CVE-2024-26975)

Summary: VUL-0: CVE-2024-26975: kernel: powercap: intel_rapl: Fix a NULL pointer dereference
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: gabriele.sonnu, vasant.karasulli
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/403746/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-26975:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-05-02 08:28:11 UTC
In the Linux kernel, the following vulnerability has been resolved:

powercap: intel_rapl: Fix a NULL pointer dereference

A NULL pointer dereference is triggered when probing the MMIO RAPL
driver on platforms with CPU ID not listed in intel_rapl_common CPU
model list.

This is because the intel_rapl_common module still probes on such
platforms even if 'defaults_msr' is not set after commit 1488ac990ac8
("powercap: intel_rapl: Allow probing without CPUID match"). Thus the
MMIO RAPL rp->priv->defaults is NULL when registering to RAPL framework.

Fix the problem by adding sanity check to ensure rp->priv->rapl_defaults
is always valid.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26975
https://www.cve.org/CVERecord?id=CVE-2024-26975
https://git.kernel.org/stable/c/0641908b906a133f1494c312a71f9fecbe2b6c78
https://git.kernel.org/stable/c/2d1f5006ff95770da502f8cee2a224a1ff83866e
https://git.kernel.org/stable/c/2f73cf2ae5e0f4e629db5be3a4380ff7807148e6
https://git.kernel.org/stable/c/9b254feb249981b66ccdb1dae54e757789a15ba1
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-26975.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2278352
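
The failure mode in the description above, as an added user-space C model (not the kernel's code and not part of the original report): a shared probe that succeeds without a CPU ID match leaves the defaults pointer NULL, and a second interface driver then registers a package through it. All type and function names, the model table, and the `-ENODEV` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model; every name below is hypothetical, not a kernel symbol. */
struct defaults_model { int (*check_unit)(int raw); };
struct priv_model { const struct defaults_model *defaults; };
struct package_model { struct priv_model *priv; int unit; };

static int unit_from_raw(int raw) { return raw & 0xf; }
static const struct defaults_model core_defaults = { unit_from_raw };

/* Constructed stand-in for the common module's CPU model list. */
static const int known_models[] = { 0x10, 0x20 };

/* Probing succeeds without a CPU ID match, so the result may be NULL. */
const struct defaults_model *common_probe(int cpu_model)
{
    for (size_t i = 0; i < sizeof(known_models) / sizeof(known_models[0]); i++)
        if (known_models[i] == cpu_model)
            return &core_defaults;
    return NULL;
}

/* Before: defaults is used unconditionally; NULL here is the crash. */
int add_package_unchecked(struct package_model *rp, int raw)
{
    rp->unit = rp->priv->defaults->check_unit(raw);
    return 0;
}

/* After: sanity check before the first use (-ENODEV is an assumed code). */
int add_package_checked(struct package_model *rp, int raw)
{
    if (!rp->priv || !rp->priv->defaults)
        return -ENODEV;
    rp->unit = rp->priv->defaults->check_unit(raw);
    return 0;
}

/* Second interface driver registering a package on a given CPU model. */
int register_mmio_package(int cpu_model, int raw, int *unit_out)
{
    struct priv_model priv = { common_probe(cpu_model) };
    struct package_model rp = { &priv, 0 };
    int ret = add_package_checked(&rp, raw);

    if (ret == 0)
        *unit_out = rp.unit;
    return ret;
}
```

With the checked path, an unlisted CPU model turns registration into a clean error return instead of a dereference of a NULL defaults pointer.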
Comment 2 Thomas Renninger 2024-05-07 13:17:21 UTC
The stable patches mention:
Cc: 6.5+ <stable@vger.kernel.org> # 6.5+

SLE 15 SP6/ALP is 6.4.
-> no action needed.

Mainline currently is v6.9-rc7, 6.9 should be published soon, for Tumbleweed it may be enough to wait some weeks until we get this patch anyway?
Comment 11 Thomas Renninger 2024-05-22 16:19:18 UTC
> Please assign it back to the security team if nothing else is pending.
Done.
Comment 14 Andrea Mattiazzo 2024-06-05 12:54:47 UTC
All done, closing.