目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2024-57889— Linux kernel 安全漏洞

AI 预测 4.3 利用难度: 困难 EPSS 0.16% · P6

影响版本矩阵 16

厂商产品版本范围状态
LinuxLinux8f38910ba4f662222157ce07a0d5becc4328c46a< 788d9e9a41b81893d6bb8faa05f045c975278318affected
8f38910ba4f662222157ce07a0d5becc4328c46a< c55d186376a87b468c9ee30f2195e0f3857f61a0affected
8f38910ba4f662222157ce07a0d5becc4328c46a< 9372e160d8211a7e17f2abff8370794f182df785affected
8f38910ba4f662222157ce07a0d5becc4328c46a< 0310cbad163a908d09d99c26827859365cd71fcbaffected
8f38910ba4f662222157ce07a0d5becc4328c46a< 8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ecaffected
8f38910ba4f662222157ce07a0d5becc4328c46a< 830f838589522404cd7c2f0f540602f25034af61affected
8f38910ba4f662222157ce07a0d5becc4328c46a< a37eecb705f33726f1fb7cd2a67e514a15dfe693affected
4.13affected
… +8 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2024-57889 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ... We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C). The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex whole holding the spinlock. It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set. mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock(). The accesses to the regmap from mcp23s08_probe_one() do not need additional locking. In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock. This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于regmap锁定导致原子环境中休眠。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 8f38910ba4f662222157ce07a0d5becc4328c46a ~ 788d9e9a41b81893d6bb8faa05f045c975278318 -
LinuxLinux 4.13 -

二、漏洞 CVE-2024-57889 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2024-57889 的情报信息

登录查看更多情报信息。

CVE-2024-57889 补丁与修复 (7)

同批安全公告 · Linux · 2025-01-15 · 共 32 条

CVE-2024-57899Linux kernel 安全漏洞
CVE-2024-57857Linux kernel 安全漏洞
CVE-2024-57844Linux kernel 安全漏洞
CVE-2024-57841Linux kernel 安全漏洞
CVE-2024-57802Linux kernel 安全漏洞
CVE-2024-57801Linux kernel 安全漏洞
CVE-2024-57795Linux kernel 安全漏洞
CVE-2024-54031Linux kernel 安全漏洞
CVE-2024-53681Linux kernel 安全漏洞
CVE-2024-39282Linux kernel 安全漏洞
CVE-2024-36476Linux kernel 安全漏洞
CVE-2025-21629Linux kernel 安全漏洞
CVE-2024-57903Linux kernel 安全漏洞
CVE-2024-57901Linux kernel 安全漏洞
CVE-2024-57902Linux kernel 安全漏洞
CVE-2024-57900Linux kernel 安全漏洞
CVE-2024-57882Linux kernel 安全漏洞
CVE-2024-57898Linux kernel 安全漏洞
CVE-2024-57897Linux kernel 安全漏洞
CVE-2024-57896Linux kernel 安全漏洞

显示前 20 条,共 32 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2024-57889

暂无评论


发表评论