CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption
First published: Wed Sep 04 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on channel A is transmitted on channel B. In other words, the Tx buffer data on channel B is corrupted with data from channel A. The problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change EFR lock to operate on each channels"), which changed the EFR locking to operate on each channel instead of chip-wise. This commit has introduced a regression, because the EFR lock is used not only to protect the EFR registers access, but also, in a very obscure and undocumented way, to protect access to the data buffer, which is shared by the Tx and Rx handlers, but also by each channel of the IC. Fix this regression first by switching to kfifo_out_linear_ptr() in sc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer. Secondly, replace the chip-wise Rx buffer with a separate Rx buffer for each channel.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.1.76<6.2 | |
| Linux Kernel | >=6.6.15<6.7 | |
| Linux Kernel | >=6.7.3<6.8 | |
| Linux Kernel | >=6.8<6.10.5 | |
| Linux Kernel | =6.11-rc1 | |
| Linux Kernel | =6.11-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-44951?
CVE-2024-44951 is classified with a moderate severity level due to its potential impact on data integrity in the Linux kernel.
Which versions of the Linux kernel are affected by CVE-2024-44951?
CVE-2024-44951 affects Linux kernel versions from 6.1.76 to 6.2, as well as later versions up to 6.11-rc2.
How do I fix CVE-2024-44951?
To fix CVE-2024-44951, upgrade your Linux kernel to a patched version that addresses this vulnerability.
What type of vulnerability is CVE-2024-44951?
CVE-2024-44951 is a vulnerability related to TX FIFO corruption occurring in the serial driver for the sc16is7xx chipset within the Linux kernel.
What are the potential consequences of CVE-2024-44951?
The potential consequences of CVE-2024-44951 include data corruption during transmission, which may disrupt communication processes.
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/event
- agent/severity
- agent/remedy
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.1.76
- version/linux kernel/6.6.15
- version/linux kernel/6.7.3
- version/linux kernel/6.8
- version/linux kernel/6.11-rc1
- version/linux kernel/6.11-rc2