* Re: CVE-2024-39362: i2c: acpi: Unbind mux adapters before delete [not found] <2024062550-CVE-2024-39362-2d27@gregkh> @ 2024-07-02 17:05 ` Jean Delvare 2024-07-02 19:16 ` Greg Kroah-Hartman 0 siblings, 1 reply; 2+ messages in thread From: Jean Delvare @ 2024-07-02 17:05 UTC (permalink / raw) To: cve, linux-kernel Cc: Greg Kroah-Hartman, Hamish Martin, Mika Westerberg, Andi Shyti, Wolfram Sang Hi all, On Tue, 2024-06-25 at 16:22 +0200, Greg Kroah-Hartman wrote: > In the Linux kernel, the following vulnerability has been resolved: > > i2c: acpi: Unbind mux adapters before delete > (...) > > The Linux kernel CVE team has assigned CVE-2024-39362 to this issue. I would like to dispute this CVE. I don't quite understand how this bug qualifies as a security bug, considering that only root can load and unload overlay SSDT tables. The bug can't be triggered on purpose by a remote or local unprivileged user. The bug causes a warning to be dumped to the kernel log, due to trying to unbind a companion device which is already unbound, but as far as I can see, that's all. acpi_unbind_one() is a best-effort function, it returns 0 no matter what. kernfs_remove_by_ame_ns() will gracefully return an error code. I can't see any obvious use-after-free happening so I see no way an attacker could exploit this bug. So I would cancel this CVE. For completeness and in case someone objects to the cancellation, I would also point out that I don't think upstream commit 525e6fabeae2 ("i2c / ACPI: add support for ACPI reconfigure notifications") is sufficient to reproduce the bug. Support for ACPI-defined I2C multiplexing was only added by commit 98b2b712bc85 ("i2c: i2c-mux-gpio: Enable this driver in ACPI land") in kernel v5.12 and my understanding is that this capability has to be used by the SSDT tables in order to trigger the bug. So at the minimum, the CVE should be amended with this piece of information. Thanks, -- Jean Delvare SUSE L3 Support ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: CVE-2024-39362: i2c: acpi: Unbind mux adapters before delete 2024-07-02 17:05 ` CVE-2024-39362: i2c: acpi: Unbind mux adapters before delete Jean Delvare @ 2024-07-02 19:16 ` Greg Kroah-Hartman 0 siblings, 0 replies; 2+ messages in thread From: Greg Kroah-Hartman @ 2024-07-02 19:16 UTC (permalink / raw) To: Jean Delvare Cc: cve, linux-kernel, Hamish Martin, Mika Westerberg, Andi Shyti, Wolfram Sang On Tue, Jul 02, 2024 at 07:05:19PM +0200, Jean Delvare wrote: > Hi all, > > On Tue, 2024-06-25 at 16:22 +0200, Greg Kroah-Hartman wrote: > > In the Linux kernel, the following vulnerability has been resolved: > > > > i2c: acpi: Unbind mux adapters before delete > > (...) > > > > The Linux kernel CVE team has assigned CVE-2024-39362 to this issue. > > I would like to dispute this CVE. I don't quite understand how this bug > qualifies as a security bug, considering that only root can load and > unload overlay SSDT tables. The bug can't be triggered on purpose by a > remote or local unprivileged user. > > The bug causes a warning to be dumped to the kernel log, due to trying > to unbind a companion device which is already unbound, but as far as I > can see, that's all. acpi_unbind_one() is a best-effort function, it > returns 0 no matter what. kernfs_remove_by_ame_ns() will gracefully > return an error code. I can't see any obvious use-after-free happening > so I see no way an attacker could exploit this bug. > > So I would cancel this CVE. Now rejected, thanks for the information. thanks, greg k-h ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-07-02 19:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <2024062550-CVE-2024-39362-2d27@gregkh>
2024-07-02 17:05 ` CVE-2024-39362: i2c: acpi: Unbind mux adapters before delete Jean Delvare
2024-07-02 19:16 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox