0.0
NA
CVE-2024-26999
Apple Linux pmac_zilog Rx Irq Flood Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as a serial console: ttyPZ0: pmz: rx irq flood ! BUG: spinlock recursion on CPU#0, swapper/0 That's because the pr_err() call in pmz_receive_chars() results in pmz_console_write() attempting to lock a spinlock already locked in pmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal BUG splat. The spinlock in question is the one in struct uart_port. Even when it's not fatal, the serial port rx function ceases to work. Also, the iteration limit doesn't play nicely with QEMU, as can be seen in the bug report linked below. A web search for other reports of the error message "pmz: rx irq flood" didn't produce anything. So I don't think this code is needed any more. Remove it.

INFO

Published Date :

May 1, 2024, 6:15 a.m.

Last Modified :

June 25, 2024, 11:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2024-26999 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-26999.

URL Resource
https://git.kernel.org/stable/c/1be3226445362bfbf461c92a5bcdb1723f2e4907
https://git.kernel.org/stable/c/52aaf1ff14622a04148dbb9ccce6d9de5d534ea7
https://git.kernel.org/stable/c/69a02273e288011b521ee7c1f3ab2c23fda633ce
https://git.kernel.org/stable/c/7a3bbe41efa55323b6ea3c35fa15941d4dbecdef
https://git.kernel.org/stable/c/ab86cf6f8d24e63e9aca23da5108af1aa5483928
https://git.kernel.org/stable/c/bbaafbb4651fede8d3c3881601ecaa4f834f9d3f
https://git.kernel.org/stable/c/ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729
https://git.kernel.org/stable/c/d679c816929d62af51c8e6d7fc0e165c9412d2f3
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-26999 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-26999 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 25, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned]
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 03, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://git.kernel.org/stable/c/69a02273e288011b521ee7c1f3ab2c23fda633ce [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d679c816929d62af51c8e6d7fc0e165c9412d2f3 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/ab86cf6f8d24e63e9aca23da5108af1aa5483928 [No types assigned]
    Removed Reference kernel.org https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
    Removed Reference kernel.org https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/
    Removed Reference kernel.org https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 03, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/ [No types assigned]
    Added Reference kernel.org https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/ [No types assigned]
    Added Reference kernel.org https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/ [No types assigned]
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 01, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as a serial console: ttyPZ0: pmz: rx irq flood ! BUG: spinlock recursion on CPU#0, swapper/0 That's because the pr_err() call in pmz_receive_chars() results in pmz_console_write() attempting to lock a spinlock already locked in pmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal BUG splat. The spinlock in question is the one in struct uart_port. Even when it's not fatal, the serial port rx function ceases to work. Also, the iteration limit doesn't play nicely with QEMU, as can be seen in the bug report linked below. A web search for other reports of the error message "pmz: rx irq flood" didn't produce anything. So I don't think this code is needed any more. Remove it.
    Added Reference kernel.org https://git.kernel.org/stable/c/7a3bbe41efa55323b6ea3c35fa15941d4dbecdef [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/bbaafbb4651fede8d3c3881601ecaa4f834f9d3f [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/52aaf1ff14622a04148dbb9ccce6d9de5d534ea7 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/1be3226445362bfbf461c92a5bcdb1723f2e4907 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-26999 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-26999 weaknesses.

NONE - Vulnerability Scoring System
: