CVE-2024-50196

{"id": "CVE-2024-50196", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-11-08T06:15:16.347", "references": [{"url": "https://git.kernel.org/stable/c/20728e86289ab463b99b7ab4425515bd26aba417", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4a81800ef05bea5a9896f199677f7b7f5020776a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/655f5d4662b958122b260be05aa6dfdf8768efe6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/93b8ddc54507a227087c60a0013ed833b6ae7d3c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dcbe9954634807ec54e22bde278b5b269f921381", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: ocelot: fix system hang on level based interrupts\n\nThe current implementation only calls chained_irq_enter() and\nchained_irq_exit() if it detects pending interrupts.\n\n```\nfor (i = 0; i < info->stride; i++) {\n\turegmap_read(info->map, id_reg + 4 * i, &reg);\n\tif (!reg)\n\t\tcontinue;\n\n\tchained_irq_enter(parent_chip, desc);\n```\n\nHowever, in case of GPIO pin configured in level mode and the parent\ncontroller configured in edge mode, GPIO interrupt might be lowered by the\nhardware. In the result, if the interrupt is short enough, the parent\ninterrupt is still pending while the GPIO interrupt is cleared;\nchained_irq_enter() never gets called and the system hangs trying to\nservice the parent interrupt.\n\nMoving chained_irq_enter() and chained_irq_exit() outside the for loop\nensures that they are called even when GPIO interrupt is lowered by the\nhardware.\n\nThe similar code with chained_irq_enter() / chained_irq_exit() functions\nwrapping interrupt checking loop may be found in many other drivers:\n```\ngrep -r -A 10 chained_irq_enter drivers/pinctrl\n```"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: ocelot: arregla el bloqueo del sistema en interrupciones basadas en niveles La implementaci\u00f3n actual solo llama a chained_irq_enter() y chained_irq_exit() si detecta interrupciones pendientes. ``` for (i = 0; i &lt; info-&gt;stride; i++) { uregmap_read(info-&gt;map, id_reg + 4 * i, \u00ae); if (!reg) continue; chained_irq_enter(parent_chip, desc); ``` Sin embargo, en el caso de que el pin GPIO est\u00e9 configurado en modo de nivel y el controlador principal est\u00e9 configurado en modo de borde, el hardware puede reducir la interrupci\u00f3n GPIO. Como resultado, si la interrupci\u00f3n es lo suficientemente corta, la interrupci\u00f3n principal sigue pendiente mientras se borra la interrupci\u00f3n GPIO; chained_irq_enter() nunca se llama y el sistema se cuelga al intentar dar servicio a la interrupci\u00f3n principal. Mover chained_irq_enter() y chained_irq_exit() fuera del bucle for garantiza que se llamen incluso cuando el hardware reduce la interrupci\u00f3n GPIO. El c\u00f3digo similar con las funciones chained_irq_enter() / chained_irq_exit() que envuelven el bucle de verificaci\u00f3n de interrupciones se puede encontrar en muchos otros controladores: ``` grep -r -A 10 chained_irq_enter drivers/pinctrl ```"}], "lastModified": "2025-10-01T21:16:02.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BDAF23B-6DD3-4FF3-9077-AE6E61F87D65", "versionEndExcluding": "5.15.169"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB", "versionEndExcluding": "6.1.114", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8", "versionEndExcluding": "6.6.58", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC", "versionEndExcluding": "6.11.5", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}