漏洞详情: CVE-2024-35876

漏洞标题
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
来源:NVD
Linux kernel 安全漏洞
来源:CNNVD
漏洞描述
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Modifying a MCA bank's MCA_CTL bits which control which error types to be reported is done over /sys/devices/system/machinecheck/ ├── machinecheck0 │   ├── bank0 │   ├── bank1 │   ├── bank10 │   ├── bank11 ... sysfs nodes by writing the new bit mask of events to enable. When the write is accepted, the kernel deletes all current timers and reinits all banks. Doing that in parallel can lead to initializing a timer which is already armed and in the timer wheel, i.e., in use already: ODEBUG: init active (active state 0) object: ffff888063a28000 object type: timer_list hint: mce_timer_fn+0x0/0x240 arch/x86/kernel/cpu/mce/core.c:2642 WARNING: CPU: 0 PID: 8120 at lib/debugobjects.c:514 debug_print_object+0x1a0/0x2a0 lib/debugobjects.c:514 Fix that by grabbing the sysfs mutex as the rest of the MCA sysfs code does. Reported by: Yue Sun <samsun1006219@gmail.com> Reported by: xingwei lee <xrivendell7@gmail.com>
来源:NVD
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于当写入被接受时,内核将删除所有当前计时器并重新初始化所有存储体。
来源:CNNVD
None
来源:神龙机器人
漏洞评分(CVSS)
NVD 暂无评分
来源:NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
来源:神龙机器人, 准确率:N/A
漏洞类别
NVD 暂无漏洞类别信息
来源:NVD
其他
来源:CNNVD
相关链接