CVE-2024-35909
Publication date:
19/05/2024
In the Linux kernel, the following vulnerability has been resolved:

net: wwan: t7xx: Split 64bit accesses to fix alignment issues

Some of the registers are aligned on a 32bit boundary, causing
alignment faults on 64bit platforms.

Unable to handle kernel paging request at virtual address ffffffc084a1d004
Mem abort info:
ESR = 0x0000000096000061
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x21: alignment fault
Data abort info:
ISV = 0, ISS = 0x00000061, ISS2 = 0x00000000
CM = 0, WnR = 1, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000046ad6000
[ffffffc084a1d004] pgd=100000013ffff003, p4d=100000013ffff003, pud=100000013ffff003, pmd=0068000020a00711
Internal error: Oops: 0000000096000061 [#1] SMP
Modules linked in: mtk_t7xx(+) qcserial pppoe ppp_async option nft_fib_inet nf_flow_table_inet mt7921u(O) mt7921s(O) mt7921e(O) mt7921_common(O) iwlmvm(O) iwldvm(O) usb_wwan rndis_host qmi_wwan pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack mt7996e(O) mt792x_usb(O) mt792x_lib(O) mt7915e(O) mt76_usb(O) mt76_sdio(O) mt76_connac_lib(O) mt76(O) mac80211(O) iwlwifi(O) huawei_cdc_ncm cfg80211(O) cdc_ncm cdc_ether wwan usbserial usbnet slhc sfp rtc_pcf8563 nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 mt6577_auxadc mdio_i2c libcrc32c compat(O) cdc_wdm cdc_acm at24 crypto_safexcel pwm_fan i2c_gpio i2c_smbus industrialio i2c_algo_bit i2c_mux_reg i2c_mux_pca954x i2c_mux_pca9541 i2c_mux_gpio i2c_mux dummy oid_registry tun sha512_arm64 sha1_ce sha1_generic seqiv
md5 geniv des_generic libdes cbc authencesn authenc leds_gpio xhci_plat_hcd xhci_pci xhci_mtk_hcd xhci_hcd nvme nvme_core gpio_button_hotplug(O) dm_mirror dm_region_hash dm_log dm_crypt dm_mod dax usbcore usb_common ptp aquantia pps_core mii tpm encrypted_keys trusted
CPU: 3 PID: 5266 Comm: kworker/u9:1 Tainted: G O 6.6.22 #0
Hardware name: Bananapi BPI-R4 (DT)
Workqueue: md_hk_wq t7xx_fsm_uninit [mtk_t7xx]
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx]
lr : t7xx_cldma_start+0xac/0x13c [mtk_t7xx]
sp : ffffffc085d63d30
x29: ffffffc085d63d30 x28: 0000000000000000 x27: 0000000000000000
x26: 0000000000000000 x25: ffffff80c804f2c0 x24: ffffff80ca196c05
x23: 0000000000000000 x22: ffffff80c814b9b8 x21: ffffff80c814b128
x20: 0000000000000001 x19: ffffff80c814b080 x18: 0000000000000014
x17: 0000000055c9806b x16: 000000007c5296d0 x15: 000000000f6bca68
x14: 00000000dbdbdce4 x13: 000000001aeaf72a x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : ffffff80ca1ef6b4 x7 : ffffff80c814b818 x6 : 0000000000000018
x5 : 0000000000000870 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 000000010a947000 x1 : ffffffc084a1d004 x0 : ffffffc084a1d004
Call trace:
t7xx_cldma_hw_set_start_addr+0x1c/0x3c [mtk_t7xx]
t7xx_fsm_uninit+0x578/0x5ec [mtk_t7xx]
process_one_work+0x154/0x2a0
worker_thread+0x2ac/0x488
kthread+0xe0/0xec
ret_from_fork+0x10/0x20
Code: f9400800 91001000 8b214001 d50332bf (f9000022)
---[ end trace 0000000000000000 ]---

The inclusion of io-64-nonatomic-lo-hi.h indicates that all 64bit
accesses can be replaced by pairs of nonatomic 32bit access. Fix
alignment by forcing all accesses to be 32bit on 64bit platforms.
Severity:
Pending analysis
Last modified:
19/05/2024
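
Added example (not the t7xx driver's code or the upstream patch): a user-space C model of the split access the commit message describes, where one 64-bit register write becomes two 32-bit writes, low word first. The fake_bar array, the model_* helpers and the sample value are constructed for illustration; the only value taken from the page is the faulting address from the oops.

```c
#include <stdint.h>

/* Constructed stand-in for a device register window. Real driver code would
 * use an ioremap()ed __iomem pointer with writel()/readl(). */
static _Alignas(8) volatile uint32_t fake_bar[4];

/* Nonzero if one access of `size` bytes (a power of two) at `addr` is
 * naturally aligned. */
static int access_is_aligned(uint64_t addr, unsigned size)
{
    return (addr & (uint64_t)(size - 1)) == 0;
}

/* Split 64-bit write: two 32-bit stores, low word at the lower address.
 * Nonatomic: the two halves become visible one after the other. */
static void model_lo_hi_writeq(uint64_t val, volatile void *addr)
{
    volatile uint32_t *p = addr;
    p[0] = (uint32_t)val;
    p[1] = (uint32_t)(val >> 32);
}

/* Split 64-bit read, same word order as the write. */
static uint64_t model_lo_hi_readq(const volatile void *addr)
{
    const volatile uint32_t *p = addr;
    uint32_t lo = p[0];
    uint32_t hi = p[1];
    return ((uint64_t)hi << 32) | lo;
}

/* Round-trip a value through the register at byte offset 4 of the window:
 * 4-byte aligned but not 8-byte aligned, like the address in the oops. */
static uint64_t roundtrip_at_offset4(uint64_t val)
{
    volatile uint32_t *reg = &fake_bar[1];
    model_lo_hi_writeq(val, reg);
    return model_lo_hi_readq(reg);
}

int main(void)
{
    uint64_t fault = 0xffffffc084a1d004ULL; /* fault address from the oops */
    /* A single 8-byte access there is misaligned; 4-byte accesses are not. */
    int ok = !access_is_aligned(fault, 8) && access_is_aligned(fault, 4);
    uint64_t v = 0x0000000123456000ULL;     /* constructed sample value */
    return (ok && roundtrip_at_offset4(v) == v) ? 0 : 1;
}
```

Because the two halves are written separately, this substitution only suits registers where the device tolerates seeing the low word before the high word, which is the condition the commit message infers from the driver already including io-64-nonatomic-lo-hi.h.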