{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36029", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.160Z", "datePublished": "2024-05-30T15:19:43.110Z", "dateUpdated": "2024-11-05T09:27:05.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:27:05.150Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-msm: pervent access to suspended controller\n\nGeneric sdhci code registers LED device and uses host->runtime_suspended\nflag to protect access to it. The sdhci-msm driver doesn't set this flag,\nwhich causes a crash when LED is accessed while controller is runtime\nsuspended. Fix this by setting the flag correctly."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/host/sdhci-msm.c"], "versions": [{"version": "67e6db113c90", "lessThan": "1200481cd606", "status": "affected", "versionType": "git"}, {"version": "67e6db113c90", "lessThan": "a957ea5aa3d3", "status": "affected", "versionType": "git"}, {"version": "67e6db113c90", "lessThan": "56b99a52229d", "status": "affected", "versionType": "git"}, {"version": "67e6db113c90", "lessThan": "f653b04a818c", "status": "affected", "versionType": "git"}, {"version": "67e6db113c90", "lessThan": "f8def10f73a5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mmc/host/sdhci-msm.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.158", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.90", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"}, {"url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"}, {"url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"}, {"url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"}, {"url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"}], "title": "mmc: sdhci-msm: pervent access to suspended controller", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T19:34:39.267848Z", "id": "CVE-2024-36029", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:34:47.223Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.966Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.966Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36029", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T19:34:39.267848Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:34:43.750Z"}}], "cna": {"title": "mmc: sdhci-msm: pervent access to suspended controller", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "67e6db113c90", "lessThan": "1200481cd606", "versionType": "git"}, {"status": "affected", "version": "67e6db113c90", "lessThan": "a957ea5aa3d3", "versionType": "git"}, {"status": "affected", "version": "67e6db113c90", "lessThan": "56b99a52229d", "versionType": "git"}, {"status": "affected", "version": "67e6db113c90", "lessThan": "f653b04a818c", "versionType": "git"}, {"status": "affected", "version": "67e6db113c90", "lessThan": "f8def10f73a5", "versionType": "git"}], "programFiles": ["drivers/mmc/host/sdhci-msm.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.10"}, {"status": "unaffected", "version": "0", "lessThan": "4.10", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.158", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.90", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.30", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.9", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/mmc/host/sdhci-msm.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"}, {"url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"}, {"url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"}, {"url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"}, {"url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-msm: pervent access to suspended controller\n\nGeneric sdhci code registers LED device and uses host->runtime_suspended\nflag to protect access to it. The sdhci-msm driver doesn't set this flag,\nwhich causes a crash when LED is accessed while controller is runtime\nsuspended. Fix this by setting the flag correctly."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-30T15:19:43.110Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36029", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:30:12.966Z", "dateReserved": "2024-05-17T13:50:33.160Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-30T15:19:43.110Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-msm: pervent access to suspended controller\n\nGeneric sdhci code registers LED device and uses host->runtime_suspended\nflag to protect access to it. The sdhci-msm driver doesn't set this flag,\nwhich causes a crash when LED is accessed while controller is runtime\nsuspended. Fix this by setting the flag correctly."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: sdhci-msm: acceso prohibido al controlador suspendido El c\u00f3digo sdhci gen\u00e9rico registra el dispositivo LED y utiliza el indicador host->runtime_suspended para proteger el acceso al mismo. El controlador sdhci-msm no establece este indicador, lo que provoca un bloqueo cuando se accede al LED mientras el controlador est\u00e1 suspendido en tiempo de ejecuci\u00f3n. Solucione este problema configurando la bandera correctamente."}], "id": "CVE-2024-36029", "lastModified": "2024-05-30T18:19:11.743", "metrics": {}, "published": "2024-05-30T16:15:11.247", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: mmc: sdhci-msm: pervent access to suspended controller", "id": "2284411", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284411"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-457", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmmc: sdhci-msm: pervent access to suspended controller\nGeneric sdhci code registers LED device and uses host->runtime_suspended\nflag to protect access to it. The sdhci-msm driver doesn't set this flag,\nwhich causes a crash when LED is accessed while controller is runtime\nsuspended. Fix this by setting the flag correctly.", "A vulnerability was found in the Linux kernel\u2019s mmc: sdhci-msm driver, which allowed access to a suspended controller. This issue potentially leads to system instability or data corruption when the controller is not actively in use."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-36029", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36029\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36029\nhttps://lore.kernel.org/linux-cve-announce/2024053057-CVE-2024-36029-e157@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.158, kernel 6.1.90, kernel 6.6.30, kernel 6.8.9, kernel 6.9"}