CVE-2024-37021: fpga: manager: add owner module and take its refcount
First published: Mon Jun 24 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach is problematic since it can lead to a null pointer dereference while attempting to get the manager if the parent device does not have a driver. To address this problem, add a module owner pointer to the fpga_manager struct and use it to take the module's refcount. Modify the functions for registering the manager to take an additional owner module parameter and rename them to avoid conflicts. Use the old function names for helper macros that automatically set the module that registers the manager as the owner. This ensures compatibility with existing low-level control modules and reduces the chances of registering a manager without setting the owner. Also, update the documentation to keep it consistent with the new interface for registering an fpga manager. Other changes: opportunistically move put_device() from __fpga_mgr_get() to fpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the manager device is taken in these functions.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | <=5.10.223-1<=5.10.226-1<=6.1.119-1 | 6.1.123-1 6.12.10-1 6.12.11-1 |
| Linux Kernel | >=4.4<6.1.120 | |
| Linux Kernel | >=6.2<6.6.33 | |
| Linux Kernel | >=6.7<6.9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/2da62a139a6221a345db4eb9f4f1c4b0937c89ad
- https://git.kernel.org/stable/c/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9
- https://git.kernel.org/stable/c/62ac496a01c9337a11362cea427038ba621ca9eb
- https://launchpad.net/bugs/cve/CVE-2024-37021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37021
- https://nvd.nist.gov/vuln/detail/CVE-2024-37021
- https://security-tracker.debian.org/tracker/CVE-2024-37021
- https://ubuntu.com/security/CVE-2024-37021
- https://git.kernel.org/linus/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9
- https://git.kernel.org/stable/c/304f8032d601d4f9322ca841cd0b573bd1beb158
Frequently Asked Questions
What is the severity of CVE-2024-37021?
CVE-2024-37021 is classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2024-37021?
To mitigate CVE-2024-37021, users should upgrade to the recommended versions of the Linux kernel, specifically linux version 6.1.123-1, 6.12.10-1, or 6.12.11-1.
What systems are affected by CVE-2024-37021?
CVE-2024-37021 affects various Debian systems running specific versions of the Linux kernel.
What does CVE-2024-37021 impact?
CVE-2024-37021 impacts the fpga manager functionality within the Linux kernel.
Is CVE-2024-37021 exploitable?
CVE-2024-37021 may be exploitable under certain conditions, emphasizing the need for timely patching.
- agent/weakness
- agent/title
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/references
- agent/trending
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/source
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-api
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.4
- version/linux kernel/6.2
- version/linux kernel/6.7