Bug 1224724 (CVE-2024-35785) - VUL-0: CVE-2024-35785: kernel: tee: optee: Fix kernel panic caused by incorrect error handling
Status: RESOLVED FIXED
Alias: CVE-2024-35785
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/406364/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-35785:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-20 16:08 UTC by SMASH SMASH
Modified: 2024-05-29 12:26 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description SMASH SMASH 2024-05-20 16:08:44 UTC
In the Linux kernel, the following vulnerability has been resolved:

tee: optee: Fix kernel panic caused by incorrect error handling

The error path while failing to register devices on the TEE bus has a
bug leading to kernel panic as follows:

[   15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c
[   15.406913] Mem abort info:
[   15.409722]   ESR = 0x0000000096000005
[   15.413490]   EC = 0x25: DABT (current EL), IL = 32 bits
[   15.418814]   SET = 0, FnV = 0
[   15.421878]   EA = 0, S1PTW = 0
[   15.425031]   FSC = 0x05: level 1 translation fault
[   15.429922] Data abort info:
[   15.432813]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[   15.438310]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[   15.443372]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[   15.448697] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000d9e3e000
[   15.455413] [ffff07ed00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000
[   15.464146] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP

Commit 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration")
led to the introduction of this bug. So fix it appropriately.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35785
https://www.cve.org/CVERecord?id=CVE-2024-35785
https://git.kernel.org/stable/c/4b12ff5edd141926d49c9ace4791adf3a4902fe7
https://git.kernel.org/stable/c/520f79c110ff712b391b3d87fcacf03c74bc56ee
https://git.kernel.org/stable/c/95915ba4b987cf2b222b0f251280228a1ff977ac
https://git.kernel.org/stable/c/bc40ded92af55760d12bec8222d4108de725dbe4
https://git.kernel.org/stable/c/bfa344afbe472a9be08f78551fa2190c1a07d7d3
https://git.kernel.org/stable/c/e5b5948c769aa1ebf962dddfb972f87d8f166f95
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-35785.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2281065
Comment 1 Joey Lee 2024-05-21 06:57:59 UTC
https://www.suse.com/security/cve/CVE-2024-35785.html
cvss 5.5
Comment 2 Joey Lee 2024-05-23 11:15:42 UTC
joeyli@linux-691t:/mnt/working/source_code-git/kernel-source> ./scripts/check-kernel-fix CVE-2024-35785
95915ba4b987 ("tee: optee: Fix kernel panic caused by incorrect error handling") merged v6.8~21^2~2^2
Fixes: 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration") merged v6.7-rc5~25^2~8^2
Security fix for CVE-2024-35785 bsc#1224724 with CVSS 5.5
Experts candidates: tiwai@suse.de 
..............................
NO ACTION NEEDED: All relevant branches contain the fix!

Does not affect any branch. reset assignee
Comment 3 Andrea Mattiazzo 2024-05-29 12:26:46 UTC
All done, closing.