Bugzilla – Bug 1224616
VUL-0: CVE-2024-35816: kernel: firewire: ohci: prevent leak of left-over IRQ on unbind
Last modified: 2024-05-29 12:02:38 UTC
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left-over IRQ on unbind Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ") also removed the call to free_irq() in pci_remove(), leading to a leftover irq of devm_request_irq() at pci_disable_msi() in pci_remove() when unbinding the driver from the device remove_proc_entry: removing non-empty directory 'irq/136', leaking at least 'firewire_ohci' Call Trace: ? remove_proc_entry+0x19c/0x1c0 ? __warn+0x81/0x130 ? remove_proc_entry+0x19c/0x1c0 ? report_bug+0x171/0x1a0 ? console_unlock+0x78/0x120 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? remove_proc_entry+0x19c/0x1c0 unregister_irq_proc+0xf4/0x120 free_desc+0x3d/0xe0 ? kfree+0x29f/0x2f0 irq_free_descs+0x47/0x70 msi_domain_free_locked.part.0+0x19d/0x1d0 msi_domain_free_irqs_all_locked+0x81/0xc0 pci_free_msi_irqs+0x12/0x40 pci_disable_msi+0x4c/0x60 pci_remove+0x9d/0xc0 [firewire_ohci 01b483699bebf9cb07a3d69df0aa2bee71db1b26] pci_device_remove+0x37/0xa0 device_release_driver_internal+0x19f/0x200 unbind_store+0xa1/0xb0 remove irq with devm_free_irq() before pci_disable_msi() also remove it in fail_msi: of pci_probe() as this would lead to an identical leak References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35816 https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35816.mbox https://git.kernel.org/stable/c/43c70cbc2502cf2557105c662eeed6a15d082b88 https://git.kernel.org/stable/c/318f6d53dd425c400e35f1a9b7af682c2c6a66d6 https://git.kernel.org/stable/c/575801663c7dc38f826212b39e3b91a4a8661c33 https://www.cve.org/CVERecord?id=CVE-2024-35816 https://bugzilla.redhat.com/show_bug.cgi?id=2281204
https://www.suse.com/security/cve/CVE-2024-35816.html cvss 5.5
Nothing to be done
All done, closing.