CVE-2024-35816: Prevent Leak of Left-over IRQ on Unbind in Linux Kernel
On May 17, 2024, a new Common Vulnerability and Exposure (CVE) record titled CVE-2024-35816 was published. This vulnerability pertains to the Linux kernel, specifically in the firewire: ohci module. The issue was first resolved in the 5a95f1ded28691e6 commit.
Vulnerability Details
The vulnerability lies in the handling of IRQ requests in the firewire: ohci driver. The call to free_irq() was removed from pci_remove(), so an interrupt request (IRQ) is still registered when the driver is unbound from the device. This leads to a leak at pci_disable_msi() in pci_remove(). The kernel reports it with the following warning and call trace:
remove_proc_entry: removing non-empty directory 'irq/136', leaking at least 'firewire_ohci'
Call Trace:
? remove_proc_entry+0x19c/0x1c0
? __warn+0x81/0x130
? remove_proc_entry+0x19c/0x1c0
? report_bug+0x171/0x1a0
? console_unlock+0x78/0x120
? handle_bug+0x3c/0x80
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? remove_proc_entry+0x19c/0x1c0
unregister_irq_proc+0xf4/0x120
free_desc+0x3d/0xe0
? kfree+0x29f/0x2f0
irq_free_descs+0x47/0x70
msi_domain_free_locked.part.0+0x19d/0x1d0
msi_domain_free_irqs_all_locked+0x81/0xc0
pci_free_msi_irqs+0x12/0x40
pci_disable_msi+0x4c/0x60
pci_remove+0x9d/0xc0 [firewire_ohci]
pci_device_remove+0x37/0xa0
device_release_driver_internal+0x19f/0x200
unbind_store+0xa1/0xb0
This vulnerability affects several versions of the Linux kernel, specifically:
- Versions from 5a95f1ded286 to 43c70cbc2502
- Versions from 5a95f1ded286 to 318f6d53dd42
- Versions from 5a95f1ded286 to 575801663c7d
- Linux Kernel 6.5
Versions unaffected include:
- Versions earlier than 6.5
- Versions from 6.6.24 up to 6.6.*
- Versions from 6.7.12 up to 6.7.*
- Versions from 6.8 and later
Mitigation Strategies
To mitigate this issue, it is essential to update the Linux kernel to the fixed versions that remove the leftover IRQ appropriately. Administrators and developers should ensure they are running versions that include the critical updates from the following commits:
Additionally, engineers maintaining systems with affected versions should perform the following actions:
- Identify affected versions: Use git log or git diff commands to verify whether your version lies between the known affected and the fixed versions.
- Apply patches: Use the git pull and git apply commands to integrate the necessary kernel patches available at the provided URLs.
- Rebuild and deploy: Rebuild the kernel after patching and redeploy across the affected systems, ensuring that the patched kernel version is in use.
By ensuring timely updates and adherence to proper update protocols, organizations can prevent exploitation of CVE-2024-35816 and maintain the integrity and performance of their systems.
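For hosts where only the running kernel release is known, the version lists above can be turned into a quick triage check. The script below is an added example, not code from the kernel project or the CVE record. The function names are hypothetical, and it assumes upstream version numbering, so a distribution kernel with a backported fix can still be reported as affected.

```shell
#!/bin/sh
# Added example: triage helpers for CVE-2024-35816 built from this page's
# version lists and warning text. Function names are hypothetical.

# Print "affected", "unaffected" or "unknown" for a kernel release string.
# Assumption: upstream numbering; suffixes such as "-generic" are ignored.
cve_2024_35816_status() {
    # Keep only the leading x.y or x.y.z part of the release string.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 2
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    # Page: versions earlier than 6.5 and 6.8 or later are unaffected.
    if [ "$major" -ne 6 ]; then
        echo unaffected
        return 0
    fi
    case $minor in
        5) echo affected; return 1 ;;   # page lists 6.5 as affected, no fixed 6.5.z
        6) fixed=24 ;;                  # page: unaffected from 6.6.24
        7) fixed=12 ;;                  # page: unaffected from 6.7.12
        *) echo unaffected; return 0 ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then
        echo affected
        return 1
    fi
    echo unaffected
}

# Succeed if kernel log text on stdin contains the leak warning from the trace.
has_irq_leak_warning() {
    grep -Eq "remove_proc_entry: removing non-empty directory 'irq/[0-9]+', leaking at least 'firewire_ohci'"
}
```

Call the first function as cve_2024_35816_status "$(uname -r)", and pipe saved kernel log text into has_irq_leak_warning to see whether an unbind has already triggered the warning.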
Final Thoughts
This vulnerability highlights the importance of diligent patch management and continuous monitoring of CVE disclosures. Maintain regular checks on the Linux kernel repositories and be prompt in applying security updates to safeguard your infrastructure.