CVE-2024-36950
Description
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008 in a007bb857e0b26f5d8b73c2ff90782d9c0972620: If OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we will unmask bus reset interrupts so we can log them. irq_handler logs the bus reset interrupt. However, we can't clear the bus reset event flag in irq_handler, because we won't service the event until later. irq_handler exits with the event flag still set. If the corresponding interrupt is still unmasked, the first bus reset will usually freeze the system due to irq_handler being called again each time it exits. This freeze can be reproduced by loading firewire_ohci with "modprobe firewire_ohci debug=-1" (to enable all debugging output). Apparently there are also some cases where bus_reset_work will get called soon enough to clear the event, and operation will continue normally. This freeze was first reported a few months after a007bb85 was committed, but until now it was never fixed. The debug level could safely be set to -1 through sysfs after the module was loaded, but this would be ineffectual in logging bus reset interrupts since they were only unmasked during initialization. irq_handler will now leave the event flag set but mask bus reset interrupts, so irq_handler won't be called again and there will be no freeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will unmask the interrupt after servicing the event, so future interrupts will be caught as desired. As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be enabled through sysfs in addition to during initial module loading. However, when enabled through sysfs, logging of bus reset interrupts will be effective only starting with the second bus reset, after bus_reset_work has executed.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-5102.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:5102
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-5101.html
Vendor advisory: alma — https://bugzilla.redhat.com/2298108
Vendor advisory: alma — https://bugzilla.redhat.com/2297558
Vendor advisory: alma — https://bugzilla.redhat.com/2297511
Vendor advisory: alma — https://bugzilla.redhat.com/2297474
Vendor advisory: alma — https://bugzilla.redhat.com/2297056
Vendor advisory: alma — https://bugzilla.redhat.com/2296067
Vendor advisory: alma — https://bugzilla.redhat.com/2295914
Vendor advisory: alma — https://bugzilla.redhat.com/2294274
Vendor advisory: alma — https://bugzilla.redhat.com/2293711
Vendor advisory: alma — https://bugzilla.redhat.com/2293700
Vendor advisory: alma — https://bugzilla.redhat.com/2293687
Vendor advisory: alma — https://bugzilla.redhat.com/2293684
Vendor advisory: alma — https://bugzilla.redhat.com/2293657
Vendor advisory: alma — https://bugzilla.redhat.com/2293653
Vendor advisory: alma — https://bugzilla.redhat.com/2293461
Vendor advisory: alma — https://bugzilla.redhat.com/2293444
Vendor advisory: alma — https://bugzilla.redhat.com/2293420
Vendor advisory: alma — https://bugzilla.redhat.com/2293418
Vendor advisory: alma — https://bugzilla.redhat.com/2293383
Vendor advisory: alma — https://bugzilla.redhat.com/2293371
Vendor advisory: alma — https://bugzilla.redhat.com/2293367
Vendor advisory: alma — https://bugzilla.redhat.com/2293348
Vendor advisory: alma — https://bugzilla.redhat.com/2293316
Vendor advisory: alma — https://bugzilla.redhat.com/2293312
Vendor advisory: alma — https://bugzilla.redhat.com/2293276
Vendor advisory: alma — https://bugzilla.redhat.com/2293250
Vendor advisory: alma — https://bugzilla.redhat.com/2293078
Vendor advisory: alma — https://bugzilla.redhat.com/2292331
Vendor advisory: alma — https://bugzilla.redhat.com/2290408
Vendor advisory: alma — https://bugzilla.redhat.com/2284625
Vendor advisory: alma — https://bugzilla.redhat.com/2284590
Vendor advisory: alma — https://bugzilla.redhat.com/2284571
Vendor advisory: alma — https://bugzilla.redhat.com/2284556
Vendor advisory: alma — https://bugzilla.redhat.com/2284541
Vendor advisory: alma — https://bugzilla.redhat.com/2284539
Vendor advisory: alma — https://bugzilla.redhat.com/2284519
Vendor advisory: alma — https://bugzilla.redhat.com/2284513
Vendor advisory: alma — https://bugzilla.redhat.com/2284500
Vendor advisory: alma — https://bugzilla.redhat.com/2284496
Vendor advisory: alma — https://bugzilla.redhat.com/2284488
Vendor advisory: alma — https://bugzilla.redhat.com/2284477
Vendor advisory: alma — https://bugzilla.redhat.com/2284474
Vendor advisory: alma — https://bugzilla.redhat.com/2284465
Vendor advisory: alma — https://bugzilla.redhat.com/2284421
Vendor advisory: alma — https://bugzilla.redhat.com/2284417
Vendor advisory: alma — https://bugzilla.redhat.com/2284400
Vendor advisory: alma — https://bugzilla.redhat.com/2283894
Vendor advisory: alma — https://bugzilla.redhat.com/2283401
Vendor advisory: alma — https://bugzilla.redhat.com/2282950
Vendor advisory: alma — https://bugzilla.redhat.com/2282925
Vendor advisory: alma — https://bugzilla.redhat.com/2282923
Vendor advisory: alma — https://bugzilla.redhat.com/2282896
Vendor advisory: alma — https://bugzilla.redhat.com/2282887
Vendor advisory: alma — https://bugzilla.redhat.com/2282780
Vendor advisory: alma — https://bugzilla.redhat.com/2282772
Vendor advisory: alma — https://bugzilla.redhat.com/2282766
Vendor advisory: alma — https://bugzilla.redhat.com/2282763
Vendor advisory: alma — https://bugzilla.redhat.com/2282759
Vendor advisory: alma — https://bugzilla.redhat.com/2282744
Vendor advisory: alma — https://bugzilla.redhat.com/2282743
Vendor advisory: alma — https://bugzilla.redhat.com/2282742
Vendor advisory: alma — https://bugzilla.redhat.com/2282727
Vendor advisory: alma — https://bugzilla.redhat.com/2282719
Vendor advisory: alma — https://bugzilla.redhat.com/2282717
Vendor advisory: alma — https://bugzilla.redhat.com/2282690
Vendor advisory: alma — https://bugzilla.redhat.com/2282645
Vendor advisory: alma — https://bugzilla.redhat.com/2282642
Vendor advisory: alma — https://bugzilla.redhat.com/2282640
Vendor advisory: alma — https://bugzilla.redhat.com/2282623
Vendor advisory: alma — https://bugzilla.redhat.com/2282615
Vendor advisory: alma — https://bugzilla.redhat.com/2282553
Vendor advisory: alma — https://bugzilla.redhat.com/2282479
Vendor advisory: alma — https://bugzilla.redhat.com/2282373
Vendor advisory: alma — https://bugzilla.redhat.com/2282328
Vendor advisory: alma — https://bugzilla.redhat.com/2281989
Vendor advisory: alma — https://bugzilla.redhat.com/2281968
Vendor advisory: alma — https://bugzilla.redhat.com/2281949
Vendor advisory: alma — https://bugzilla.redhat.com/2281938
Vendor advisory: alma — https://bugzilla.redhat.com/2281833
Vendor advisory: alma — https://bugzilla.redhat.com/2281821
Vendor advisory: alma — https://bugzilla.redhat.com/2281819
Vendor advisory: alma — https://bugzilla.redhat.com/2281758
Vendor advisory: alma — https://bugzilla.redhat.com/2281752
Vendor advisory: alma — https://bugzilla.redhat.com/2281725
Vendor advisory: alma — https://bugzilla.redhat.com/2281682
Vendor advisory: alma — https://bugzilla.redhat.com/2281675
Vendor advisory: alma — https://bugzilla.redhat.com/2281672
Vendor advisory: alma — https://bugzilla.redhat.com/2281667
Vendor advisory: alma — https://bugzilla.redhat.com/2281664
Vendor advisory: alma — https://bugzilla.redhat.com/2281641
Vendor advisory: alma — https://bugzilla.redhat.com/2281636
Vendor advisory: alma — https://bugzilla.redhat.com/2281519
Vendor advisory: alma — https://bugzilla.redhat.com/2281510
Vendor advisory: alma — https://bugzilla.redhat.com/2281360
Vendor advisory: alma — https://bugzilla.redhat.com/2281326
Vendor advisory: alma — https://bugzilla.redhat.com/2281268
Vendor advisory: alma — https://bugzilla.redhat.com/2281235
Vendor advisory: alma — https://bugzilla.redhat.com/2281221
Vendor advisory: alma — https://bugzilla.redhat.com/2281215
Vendor advisory: alma — https://bugzilla.redhat.com/2281207
Vendor advisory: alma — https://bugzilla.redhat.com/2281190
Vendor advisory: alma — https://bugzilla.redhat.com/2281189
Vendor advisory: alma — https://bugzilla.redhat.com/2281149
Vendor advisory: alma — https://bugzilla.redhat.com/2281133
Vendor advisory: alma — https://bugzilla.redhat.com/2281054
Vendor advisory: alma — https://bugzilla.redhat.com/2280440
Vendor advisory: alma — https://bugzilla.redhat.com/2278989
Vendor advisory: alma — https://bugzilla.redhat.com/2278539
Vendor advisory: alma — https://bugzilla.redhat.com/2278535
Vendor advisory: alma — https://bugzilla.redhat.com/2278515
Vendor advisory: alma — https://bugzilla.redhat.com/2278484
Vendor advisory: alma — https://bugzilla.redhat.com/2278380
Vendor advisory: alma — https://bugzilla.redhat.com/2278279
Vendor advisory: alma — https://bugzilla.redhat.com/2278277
Vendor advisory: alma — https://bugzilla.redhat.com/2278258
Vendor advisory: alma — https://bugzilla.redhat.com/2278256
Vendor advisory: alma — https://bugzilla.redhat.com/2278218
Vendor advisory: alma — https://bugzilla.redhat.com/2278182
Vendor advisory: alma — https://bugzilla.redhat.com/2278178
Vendor advisory: alma — https://bugzilla.redhat.com/2278176
Vendor advisory: alma — https://bugzilla.redhat.com/2277840
Vendor advisory: alma — https://bugzilla.redhat.com/2277238
Vendor advisory: alma — https://bugzilla.redhat.com/2277166
Vendor advisory: alma — https://bugzilla.redhat.com/2275928
Vendor advisory: alma — https://bugzilla.redhat.com/2275761
Vendor advisory: alma — https://bugzilla.redhat.com/2275748
Vendor advisory: alma — https://bugzilla.redhat.com/2275744
Vendor advisory: alma — https://bugzilla.redhat.com/2275711
Vendor advisory: alma — https://bugzilla.redhat.com/2275694
Vendor advisory: alma — https://bugzilla.redhat.com/2275580
Vendor advisory: alma — https://bugzilla.redhat.com/2275573
Vendor advisory: alma — https://bugzilla.redhat.com/2275565
Vendor advisory: alma — https://bugzilla.redhat.com/2273654
Vendor advisory: alma — https://bugzilla.redhat.com/2273427
Vendor advisory: alma — https://bugzilla.redhat.com/2273268
Vendor advisory: alma — https://bugzilla.redhat.com/2273247
Vendor advisory: alma — https://bugzilla.redhat.com/2273242
Vendor advisory: alma — https://bugzilla.redhat.com/2273236
Vendor advisory: alma — https://bugzilla.redhat.com/2273174
Vendor advisory: alma — https://bugzilla.redhat.com/2273117
Vendor advisory: alma — https://bugzilla.redhat.com/2273109
Vendor advisory: alma — https://bugzilla.redhat.com/2272795
Vendor advisory: alma — https://bugzilla.redhat.com/2272782
Vendor advisory: alma — https://bugzilla.redhat.com/2271688
Vendor advisory: alma — https://bugzilla.redhat.com/2271686
Vendor advisory: alma — https://bugzilla.redhat.com/2270700
Vendor advisory: alma — https://bugzilla.redhat.com/2270100
Vendor advisory: alma — https://bugzilla.redhat.com/2270084
Vendor advisory: alma — https://bugzilla.redhat.com/2269211
Vendor advisory: alma — https://bugzilla.redhat.com/2269070
Vendor advisory: alma — https://bugzilla.redhat.com/2268118
Vendor advisory: alma — https://bugzilla.redhat.com/2267787
Vendor advisory: alma — https://bugzilla.redhat.com/2266594
Vendor advisory: alma — https://bugzilla.redhat.com/2266497
Vendor advisory: alma — https://bugzilla.redhat.com/2266347
Vendor advisory: alma — https://bugzilla.redhat.com/2266341
Vendor advisory: alma — https://bugzilla.redhat.com/2265797
Vendor advisory: alma — https://bugzilla.redhat.com/2265650
Vendor advisory: alma — https://bugzilla.redhat.com/2265645
Vendor advisory: alma — https://bugzilla.redhat.com/2263879
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:5101
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-36950
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-36950.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:5101
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:5102
Vendor advisory: rocky — https://errata.rockylinux.org/RXSA-2024:5101
Mitigation details
Description kernel: firewire: ohci: mask bus reset interrupts between ISR and bottom half CVSS v3: 4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:51022024-08-08T00:00:00Z Red Hat Enterprise Linux 8kernel-0:4.18.0-553.16.1.el8_10RHSA-2024:51012024-08-08T00:00:00Z…
Description
kernel: firewire: ohci: mask bus reset interrupts between ISR and bottom half
CVSS v3: 4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 | RHSA-2024:5102 | 2024-08-08T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.16.1.el8_10 | RHSA-2024:5101 | 2024-08-08T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope |
| Red Hat Enterprise Linux 9 | kernel | Not affected |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected |
Apply commands
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rtAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 9 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 6.1.94-1 |
| debian | bullseye | fixed | 5.10.218-1 |
| debian | forky | fixed | 6.8.11-1 |
| debian | sid | fixed | 6.8.11-1 |
| debian | trixie | fixed | 6.8.11-1 |
| almalinux | 8 | fixed | kernel-doc-4.18.0-553.16.1.el8_10.noarch.rpm |
References
- https://errata.rockylinux.org/RXSA-2024:5101
- https://errata.rockylinux.org/RLSA-2024:5102
- https://errata.rockylinux.org/RLSA-2024:5101
- https://www.suse.com/security/cve/CVE-2024-36950.html
- https://security-tracker.debian.org/tracker/CVE-2024-36950
- https://access.redhat.com/errata/RHSA-2024:5101
- https://bugzilla.redhat.com/2263879
- https://bugzilla.redhat.com/2265645
- https://bugzilla.redhat.com/2265650
- https://bugzilla.redhat.com/2265797
- https://bugzilla.redhat.com/2266341
- https://bugzilla.redhat.com/2266347
- https://bugzilla.redhat.com/2266497
- https://bugzilla.redhat.com/2266594
- https://bugzilla.redhat.com/2267787
- https://bugzilla.redhat.com/2268118
- https://bugzilla.redhat.com/2269070
- https://bugzilla.redhat.com/2269211
- https://bugzilla.redhat.com/2270084
- https://bugzilla.redhat.com/2270100
- https://bugzilla.redhat.com/2270700
- https://bugzilla.redhat.com/2271686
- https://bugzilla.redhat.com/2271688
- https://bugzilla.redhat.com/2272782
- https://bugzilla.redhat.com/2272795
Verify integrity in audit chain (admin only). AS-IS.