UBUNTU-CVE-2024-57949

Description

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard() irq_put_desc_unlock() <--- Warns because interrupts are enabled This was broken in commit b97e8a2f7130, which replaced the original raw_spin_[un]lock() pair with guard(raw_spinlock_irq). Fix the issue by using guard(raw_spinlock). [ tglx: Massaged change log ]

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  < 6.8.0-62.65

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  < 6.8.0-1030.32

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-6.5

  all

• ubuntu•linux-aws-6.8

  < 6.8.0-1030.32~22.04.1

• ubuntu•linux-azure

  all | < 6.8.0-1030.35

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.11

  < 6.11.0-1013.13~24.04.1

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-6.5

  all

• ubuntu•linux-azure-6.8

  < 6.8.0-1030.35~22.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-nvidia

  < 6.8.0-1018.19

• ubuntu•linux-gcp

  all | < 6.8.0-1031.33

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.11

  < 6.11.0-1013.13~24.04.1

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-6.5

  all

• ubuntu•linux-gcp-6.8

  < 6.8.0-1031.33~22.04.1

• ubuntu•linux-gke

  all | < 6.8.0-1026.30

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  all

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  all | < 6.8.0-1013.15

• ubuntu•linux-gkeop-5.15

  all

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.19

  all

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-6.11

  < 6.11.0-24.24~24.04.1

Showing first 50 affected entries in server-rendered view.

References (17)

• https://ubuntu.com/security/CVE-2024-57949
• https://www.cve.org/CVERecord?id=CVE-2024-57949
• https://git.kernel.org/linus/35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310
• https://git.kernel.org/stable/c/35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310
• https://git.kernel.org/stable/c/6c84ff2e788fce0099ee3e71a3ed258b1ca1a223
• https://git.kernel.org/stable/c/93955a7788121ab5a0f7f27e988b2ed1135a4866
• https://git.kernel.org/stable/c/d7b0e89610dd45ac6cf0d6f99bfa9ccc787db344
• https://ubuntu.com/security/notices/USN-7445-1
• https://ubuntu.com/security/notices/USN-7448-1
• https://ubuntu.com/security/notices/USN-7595-1
• https://ubuntu.com/security/notices/USN-7596-1
• https://ubuntu.com/security/notices/USN-7595-2
• https://ubuntu.com/security/notices/USN-7596-2
• https://ubuntu.com/security/notices/USN-7595-3
• https://ubuntu.com/security/notices/USN-7595-4
• https://ubuntu.com/security/notices/USN-7595-5
• https://ubuntu.com/security/notices/USN-7653-1