In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind. If the pin dump is invoked in this state, the result is a kernel crash. Prevent the crash by storing persistent pin properties in dpll subsystem, copy the content from the kernel module when pin is allocated, instead of using memory of the kernel module.
History

Wed, 06 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T14:02:27.847Z

Updated: 2024-12-19T08:56:10.188Z

Reserved: 2024-05-17T13:50:33.103Z

Link: CVE-2024-35836

cve-icon Vulnrichment

Updated: 2024-08-02T03:21:48.950Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-17T14:15:20.607

Modified: 2024-11-21T09:21:00.720

Link: CVE-2024-35836

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2024-35836 - Bugzilla