CVE-2024-50113: firewire: core: fix invalid port index for parent device
First published: Tue Nov 05 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for self ID sequence"), the enumeration over self ID sequence was refactored with some helper functions with KUnit tests. These helper functions are guaranteed to work expectedly by the KUnit tests, however their application includes a mistake to assign invalid value to the index of port connected to parent device. This bug affects the case that any extra node devices which has three or more ports are connected to 1394 OHCI controller. In the case, the path to update the tree cache could hits WARN_ON(), and gets general protection fault due to the access to invalid address computed by the invalid value. This commit fixes the bug to assign correct port index.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.11<6.11.6 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/90753a38bc3d058820981f812a908a99f7b337c1
- https://git.kernel.org/stable/c/f6a6780e0b9bbcf311a727afed06fee533a5e957
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50113
- https://nvd.nist.gov/vuln/detail/CVE-2024-50113
- https://launchpad.net/bugs/cve/CVE-2024-50113
- https://security-tracker.debian.org/tracker/CVE-2024-50113
- https://ubuntu.com/security/CVE-2024-50113
- https://git.kernel.org/linus/f6a6780e0b9bbcf311a727afed06fee533a5e957
Frequently Asked Questions
What is the severity of CVE-2024-50113?
CVE-2024-50113 has been classified as a high severity vulnerability due to its potential impact on the Linux kernel.
How do I fix CVE-2024-50113?
To fix CVE-2024-50113, upgrade to a patched version of the Linux kernel such as 5.10.223-1, 6.1.123-1, or 6.12.12-1.
Which versions of the Linux kernel are affected by CVE-2024-50113?
CVE-2024-50113 affects Linux kernel versions from 6.11 to 6.12-rc4.
Is CVE-2024-50113 related to security vulnerabilities in Firewire?
Yes, CVE-2024-50113 is related to a vulnerability in the Firewire support within the Linux kernel.
What is the potential impact of CVE-2024-50113?
The potential impact of CVE-2024-50113 includes abnormal kernel behavior and possible denial of service conditions.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/source
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-cve
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.11
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- package-manager/debian