* Re: CVE-2024-39362: i2c: acpi: Unbind mux adapters before delete
[not found] <2024062550-CVE-2024-39362-2d27@gregkh>
@ 2024-07-02 17:05 ` Jean Delvare
2024-07-02 19:16 ` Greg Kroah-Hartman
0 siblings, 1 reply; 2+ messages in thread
From: Jean Delvare @ 2024-07-02 17:05 UTC (permalink / raw)
To: cve, linux-kernel
Cc: Greg Kroah-Hartman, Hamish Martin, Mika Westerberg, Andi Shyti,
Wolfram Sang
Hi all,
On Tue, 2024-06-25 at 16:22 +0200, Greg Kroah-Hartman wrote:
> In the Linux kernel, the following vulnerability has been resolved:
>
> i2c: acpi: Unbind mux adapters before delete
> (...)
>
> The Linux kernel CVE team has assigned CVE-2024-39362 to this issue.
I would like to dispute this CVE. I don't quite understand how this bug
qualifies as a security bug, considering that only root can load and
unload overlay SSDT tables. The bug can't be triggered on purpose by a
remote or local unprivileged user.
The bug causes a warning to be dumped to the kernel log, due to trying
to unbind a companion device which is already unbound, but as far as I
can see, that's all. acpi_unbind_one() is a best-effort function, it
returns 0 no matter what. kernfs_remove_by_ame_ns() will gracefully
return an error code. I can't see any obvious use-after-free happening
so I see no way an attacker could exploit this bug.
So I would cancel this CVE.
For completeness and in case someone objects to the cancellation, I
would also point out that I don't think upstream commit 525e6fabeae2
("i2c / ACPI: add support for ACPI reconfigure notifications") is
sufficient to reproduce the bug. Support for ACPI-defined I2C
multiplexing was only added by commit 98b2b712bc85 ("i2c: i2c-mux-gpio:
Enable this driver in ACPI land") in kernel v5.12 and my understanding
is that this capability has to be used by the SSDT tables in order to
trigger the bug. So at the minimum, the CVE should be amended with this
piece of information.
Thanks,
--
Jean Delvare
SUSE L3 Support
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: CVE-2024-39362: i2c: acpi: Unbind mux adapters before delete
2024-07-02 17:05 ` CVE-2024-39362: i2c: acpi: Unbind mux adapters before delete Jean Delvare
@ 2024-07-02 19:16 ` Greg Kroah-Hartman
0 siblings, 0 replies; 2+ messages in thread
From: Greg Kroah-Hartman @ 2024-07-02 19:16 UTC (permalink / raw)
To: Jean Delvare
Cc: cve, linux-kernel, Hamish Martin, Mika Westerberg, Andi Shyti,
Wolfram Sang
On Tue, Jul 02, 2024 at 07:05:19PM +0200, Jean Delvare wrote:
> Hi all,
>
> On Tue, 2024-06-25 at 16:22 +0200, Greg Kroah-Hartman wrote:
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > i2c: acpi: Unbind mux adapters before delete
> > (...)
> >
> > The Linux kernel CVE team has assigned CVE-2024-39362 to this issue.
>
> I would like to dispute this CVE. I don't quite understand how this bug
> qualifies as a security bug, considering that only root can load and
> unload overlay SSDT tables. The bug can't be triggered on purpose by a
> remote or local unprivileged user.
>
> The bug causes a warning to be dumped to the kernel log, due to trying
> to unbind a companion device which is already unbound, but as far as I
> can see, that's all. acpi_unbind_one() is a best-effort function, it
> returns 0 no matter what. kernfs_remove_by_ame_ns() will gracefully
> return an error code. I can't see any obvious use-after-free happening
> so I see no way an attacker could exploit this bug.
>
> So I would cancel this CVE.
Now rejected, thanks for the information.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-07-02 19:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <2024062550-CVE-2024-39362-2d27@gregkh>
2024-07-02 17:05 ` CVE-2024-39362: i2c: acpi: Unbind mux adapters before delete Jean Delvare
2024-07-02 19:16 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox