1223632 – (CVE-2024-26975) VUL-0: CVE-2024-26975: kernel: powercap: intel_rapl: Fix a NULL pointer dereference

Bug 1223632 (CVE-2024-26975) - VUL-0: CVE-2024-26975: kernel: powercap: intel_rapl: Fix a NULL pointer dereference

Summary: VUL-0: CVE-2024-26975: kernel: powercap: intel_rapl: Fix a NULL pointer deref...

Status:	RESOLVED FIXED

Alias:	CVE-2024-26975

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/403746/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-26975:5.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-05-02 08:28 UTC by SMASH SMASH
Modified:	2024-07-08 14:38 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-05-02 08:28:11 UTC

In the Linux kernel, the following vulnerability has been resolved:

powercap: intel_rapl: Fix a NULL pointer dereference

A NULL pointer dereference is triggered when probing the MMIO RAPL
driver on platforms with CPU ID not listed in intel_rapl_common CPU
model list.

This is because the intel_rapl_common module still probes on such
platforms even if 'defaults_msr' is not set after commit 1488ac990ac8
("powercap: intel_rapl: Allow probing without CPUID match"). Thus the
MMIO RAPL rp->priv->defaults is NULL when registering to RAPL framework.

Fix the problem by adding sanity check to ensure rp->priv->rapl_defaults
is always valid.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26975
https://www.cve.org/CVERecord?id=CVE-2024-26975
https://git.kernel.org/stable/c/0641908b906a133f1494c312a71f9fecbe2b6c78
https://git.kernel.org/stable/c/2d1f5006ff95770da502f8cee2a224a1ff83866e
https://git.kernel.org/stable/c/2f73cf2ae5e0f4e629db5be3a4380ff7807148e6
https://git.kernel.org/stable/c/9b254feb249981b66ccdb1dae54e757789a15ba1
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-26975.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2278352

Comment 2 Thomas Renninger 2024-05-07 13:17:21 UTC

The stable patches mention:
Cc: 6.5+ <stable@vger.kernel.org> # 6.5+

SLE 15 SP6/ALP is 6.4.
-> no action needed.

Mainline currently is v6.9-rc7, 6.9 should be published soon, for Tumbleweed it may be enough to wait some weeks until we get this patch anyway?

Comment 11 Thomas Renninger 2024-05-22 16:19:18 UTC

> Please assign it back to the security team if nothing else is pending.
Done.

Comment 14 Andrea Mattiazzo 2024-06-05 12:54:47 UTC

All done, closing.