Ubuntu: (Multiple Advisories) (CVE-2024-36930): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-36930): Linux kernel vulnerabilities

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

05/30/2024

Created

08/10/2024

Added

08/09/2024

Modified

01/28/2025

Description

In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a null pointer dereference when the callback is invoked from spi_finalize_current_message(). With function inlining disabled, the call stack might look like this: _raw_spin_lock_irqsave from complete_with_flags+0x18/0x58 complete_with_flags from spi_complete+0x8/0xc spi_complete from spi_finalize_current_message+0xec/0x184 spi_finalize_current_message from spi_transfer_one_message+0x2a8/0x474 spi_transfer_one_message from __spi_pump_transfer_message+0x104/0x230 __spi_pump_transfer_message from __spi_transfer_message_noqueue+0x30/0xc4 __spi_transfer_message_noqueue from __spi_sync+0x204/0x248 __spi_sync from spi_sync+0x24/0x3c spi_sync from mcp251xfd_regmap_crc_read+0x124/0x28c [mcp251xfd] mcp251xfd_regmap_crc_read [mcp251xfd] from _regmap_raw_read+0xf8/0x154 _regmap_raw_read from _regmap_bus_read+0x44/0x70 _regmap_bus_read from _regmap_read+0x60/0xd8 _regmap_read from regmap_read+0x3c/0x5c regmap_read from mcp251xfd_alloc_can_err_skb+0x1c/0x54 [mcp251xfd] mcp251xfd_alloc_can_err_skb [mcp251xfd] from mcp251xfd_irq+0x194/0xe70 [mcp251xfd] mcp251xfd_irq [mcp251xfd] from irq_thread_fn+0x1c/0x78 irq_thread_fn from irq_thread+0x118/0x1f4 irq_thread from kthread+0xd8/0xf4 kthread from ret_from_fork+0x14/0x28 Fix this by also setting message->complete to NULL when the transfer is complete.

Solution(s)

• ubuntu-upgrade-linux-image-6-8-0-1008-gke
• ubuntu-upgrade-linux-image-6-8-0-1009-raspi
• ubuntu-upgrade-linux-image-6-8-0-1010-ibm
• ubuntu-upgrade-linux-image-6-8-0-1010-oem
• ubuntu-upgrade-linux-image-6-8-0-1010-oracle
• ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k
• ubuntu-upgrade-linux-image-6-8-0-1011-nvidia
• ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k
• ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-6-8-0-1012-azure
• ubuntu-upgrade-linux-image-6-8-0-1012-azure-fde
• ubuntu-upgrade-linux-image-6-8-0-1012-gcp
• ubuntu-upgrade-linux-image-6-8-0-1013-aws
• ubuntu-upgrade-linux-image-6-8-0-40-generic
• ubuntu-upgrade-linux-image-6-8-0-40-generic-64k
• ubuntu-upgrade-linux-image-6-8-0-40-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-azure
• ubuntu-upgrade-linux-image-azure-fde
• ubuntu-upgrade-linux-image-gcp
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-64k
• ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
• ubuntu-upgrade-linux-image-generic-hwe-24-04
• ubuntu-upgrade-linux-image-generic-lpae
• ubuntu-upgrade-linux-image-gke
• ubuntu-upgrade-linux-image-ibm
• ubuntu-upgrade-linux-image-ibm-classic
• ubuntu-upgrade-linux-image-ibm-lts-24-04
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-64k
• ubuntu-upgrade-linux-image-nvidia
• ubuntu-upgrade-linux-image-nvidia-6-8
• ubuntu-upgrade-linux-image-nvidia-64k
• ubuntu-upgrade-linux-image-nvidia-64k-6-8
• ubuntu-upgrade-linux-image-nvidia-lowlatency
• ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-oem-24-04
• ubuntu-upgrade-linux-image-oem-24-04a
• ubuntu-upgrade-linux-image-oracle
• ubuntu-upgrade-linux-image-oracle-64k
• ubuntu-upgrade-linux-image-raspi
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

• https://attackerkb.com/topics/cve-2024-36930
• CVE - 2024-36930
• USN-6949-1
• USN-6949-2
• USN-6952-1
• USN-6952-2
• USN-6955-1