|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2024-38615: kernel: cpufreq: exit() callback is optional | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Giovanni Gherdovich <giovanni.gherdovich> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | abergmann, gabriel.bertazi |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/411418/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2024-38615:4.4:(AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
SMASH SMASH
2024-06-20 11:17:44 UTC
Hi Giovanni,
Please notice this has a behavior change that is not documented in the commit message, and I'm not sure it is intended. Before this patch, __cpufreq_offline wouldn't call ->exit() if ->offline() existed, but now it does. Is this correct?
We are missing a backport to 15SP5 (see below). Can you handle it? CVSS is 4.4.
b8f85833c057 ("cpufreq: exit() callback is optional") merged vfs-6.10-rc2.fixes~104^2~2^2~5
Fixes: 91a12e91dc39 ("cpufreq: Allow light-weight tear down and bring up of CPUs") merged v5.1-rc1~151^2~1^2~1^2~15
Fixes: f339f3541701 ("cpufreq: Rearrange locking in cpufreq_remove_dev()") merged v5.19-rc1~182^2~2^2~7
Security fix for CVE-2024-38615 bsc#1226592 with CVSS 4.4
Experts candidates: ggherdov@suse.cz trenn@suse.de
.......................
ACTION NEEDED!
SLE15-SP5: MANUAL: backport b8f85833c05730d631576008daaa34096bc7f3ce (Fixes 91a12e91dc39)
|