发布时间: 2024年8月23日
修改时间: 2024年8月30日
In the Linux kernel, the following vulnerability has been resolved:can: mcp251xfd: fix infinite loop when xmit failsWhen the mcp251xfd_start_xmit() function fails, the driver stopsprocessing messages, and the interrupt routine does not return,running indefinitely even after killing the running application.Error messages:[ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16[ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).... and repeat forever.The issue can be triggered when multiple devices share the same SPIinterface. And there is concurrent access to the bus.The problem occurs because tx_ring->head increments even ifmcp251xfd_start_xmit() fails. Consequently, the driver skips one TXpackage while still expecting a response inmcp251xfd_handle_tefif_one().Resolve the issue by starting a workqueue to write the tx objsynchronously if err = -EBUSY. In case of another error, decrementtx_ring->head, remove skb from the echo stack, and drop the message.[mkl: use more imperative wording in patch description]
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 5.5 | 5.5 |
| Attack Vector | Local | Local |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3569 | kernel security update | 2024年8月23日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | kernel | Unaffected |
| KY3.5.2 | kernel | Fixed |
| V6 | kernel | Fixed |
