Homepage

CVE-2024-47141 Affecting kernel-devel-coco package, versions <6.4.0-15061.12.coco15sp6.1

Severity

 Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES156-KERNELDEVELCOCO-8676154
  • published30 Jan 2025
  • disclosed29 Jan 2025
Report a new vulnerability Found a mistake?

Introduced: 29 Jan 2025

NewCVE-2024-47141  (opens in a new tab)

How to fix?

Upgrade SLES:15.6 kernel-devel-coco to version 6.4.0-15061.12.coco15sp6.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-devel-coco package and not the kernel-devel-coco package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

pinmux: Use sequential access to access desc->pinmux data

When two client of the same gpio call pinctrl_select_state() for the same functionality, we are seeing NULL pointer issue while accessing desc->mux_owner.

Let's say two processes A, B executing in pin_request() for the same pin and process A updates the desc->mux_usecount but not yet updated the desc->mux_owner while process B see the desc->mux_usecount which got updated by A path and further executes strcmp and while accessing desc->mux_owner it crashes with NULL pointer.

Serialize the access to mux related setting with a mutex lock.

cpu0 (process A)			cpu1(process B)

pinctrl_select_state() { pinctrl_select_state() { pin_request() { pin_request() { ... .... } else { desc->mux_usecount++; desc->mux_usecount && strcmp(desc->mux_owner, owner)) {

     if (desc-&gt;mux_usecount &gt; 1)
           return 0;
     desc-&gt;mux_owner = owner;

} }

CVSS Scores

version 3.1