CVE-2024-26690

{"id": "CVE-2024-26690", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-04-03T15:15:52.487", "references": [{"url": "https://git.kernel.org/stable/c/38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9680b2ab54ba8d72581100e8c45471306101836e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e6af0f082a4b87b99ad033003be2a904a1791b3f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9680b2ab54ba8d72581100e8c45471306101836e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/e6af0f082a4b87b99ad033003be2a904a1791b3f", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: protect updates of 64-bit statistics counters\n\nAs explained by a comment in <linux/u64_stats_sync.h>, write side of struct\nu64_stats_sync must ensure mutual exclusion, or one seqcount update could\nbe lost on 32-bit platforms, thus blocking readers forever. Such lockups\nhave been observed in real world after stmmac_xmit() on one CPU raced with\nstmmac_napi_poll_tx() on another CPU.\n\nTo fix the issue without introducing a new lock, split the statics into\nthree parts:\n\n1. fields updated only under the tx queue lock,\n2. fields updated only during NAPI poll,\n3. fields updated only from interrupt context,\n\nUpdates to fields in the first two groups are already serialized through\nother locks. It is sufficient to split the existing struct u64_stats_sync\nso that each group has its own.\n\nNote that tx_set_ic_bit is updated from both contexts. Split this counter\nso that each context gets its own, and calculate their sum to get the total\nvalue in stmmac_get_ethtool_stats().\n\nFor the third group, multiple interrupts may be processed by different CPUs\nat the same time, but interrupts on the same CPU will not nest. Move fields\nfrom this group to a newly created per-cpu struct stmmac_pcpu_stats."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: stmmac: protege las actualizaciones de los contadores de estad\u00edsticas de 64 bits. Como se explica en un comentario en , el lado de escritura de la estructura u64_stats_sync debe garantizar la exclusi\u00f3n mutua, o uno La actualizaci\u00f3n de seqcount podr\u00eda perderse en plataformas de 32 bits, bloqueando as\u00ed a los lectores para siempre. Estos bloqueos se han observado en el mundo real despu\u00e9s de que stmmac_xmit() en una CPU compitiera con stmmac_napi_poll_tx() en otra CPU. Para solucionar el problema sin introducir un nuevo bloqueo, divida la est\u00e1tica en tres partes: 1. campos actualizados solo bajo el bloqueo de la cola de transmisi\u00f3n, 2. campos actualizados solo durante la encuesta NAPI, 3. campos actualizados solo desde el contexto de interrupci\u00f3n, Actualizaciones de los campos en los dos primeros grupos ya est\u00e1n serializados a trav\u00e9s de otras cerraduras. Basta con dividir la estructura existente u64_stats_sync para que cada grupo tenga el suyo propio. Tenga en cuenta que tx_set_ic_bit se actualiza desde ambos contextos. Divida este contador para que cada contexto tenga el suyo y calcule su suma para obtener el valor total en stmmac_get_ethtool_stats(). Para el tercer grupo, diferentes CPU pueden procesar m\u00faltiples interrupciones al mismo tiempo, pero las interrupciones en la misma CPU no se anidar\u00e1n. Mueva los campos de este grupo a una estructura por CPU stmmac_pcpu_stats reci\u00e9n creada."}], "lastModified": "2025-04-08T15:32:55.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ED485BB-BF8B-4D25-809B-B538663EA8D7", "versionEndExcluding": "6.6.18", "versionStartIncluding": "6.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82", "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}