In the Linux kernel, the following vulnerability has been resolved:

platform/x86: intel-vbtn: Protect ACPI notify handler against recursion

Since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may run on multiple CPU cores racing with themselves.

This race gets hit on Dell Venue 7140 tablets when undocking from the keyboard, causing the handler to try and register priv->switches_dev twice, as can be seen from the dev_info() message getting logged twice:

[ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event
[ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17
[ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event

After which things go seriously wrong:

[ 83.861872] sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17'
...
[ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don't try to register things with the same name in the same directory.
[ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018
...

Protect intel-vbtn notify_handler() from racing with itself with a mutex to fix this.
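
The check-then-register race described above, modelled in userspace as an added example (not the kernel driver's code and not taken from the fix commit): two threads stand in for two CPUs running the notify handler at once. `struct vbtn`, `registration_attempts()` and the other names are constructed for illustration.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

/* Constructed userspace model of the driver state; not kernel code. */
struct vbtn {
    pthread_mutex_t lock;   /* plays the role of the mutex the fix adds */
    int use_lock;           /* 0 = handler before the fix, 1 = after */
    atomic_int registered;  /* stands in for priv->switches_dev being set */
    atomic_int checked;     /* callers that saw "not registered yet" */
    atomic_int attempts;    /* registrations tried; sysfs rejects the 2nd */
};

static void *notify_handler(void *arg)
{
    struct vbtn *p = arg;
    if (p->use_lock)
        pthread_mutex_lock(&p->lock);
    if (!atomic_load(&p->registered)) {
        /* Unlocked run only: hold both callers between check and act,
         * the interleaving two CPUs can reach on their own. */
        atomic_fetch_add(&p->checked, 1);
        while (!p->use_lock && atomic_load(&p->checked) < 2) { }
        atomic_fetch_add(&p->attempts, 1);   /* "register the input device" */
        atomic_store(&p->registered, 1);
    }
    if (p->use_lock)
        pthread_mutex_unlock(&p->lock);
    return NULL;
}

/* Deliver two concurrent notifications; return registration attempts. */
static int registration_attempts(int use_lock)
{
    struct vbtn p = { .use_lock = use_lock };
    pthread_t t[2];
    pthread_mutex_init(&p.lock, NULL);
    for (int i = 0; i < 2; i++)
        pthread_create(&t[i], NULL, notify_handler, &p);
    for (int i = 0; i < 2; i++)
        pthread_join(t[i], NULL);
    return atomic_load(&p.attempts);
}

int main(void)
{
    printf("registration attempts without mutex: %d, with mutex: %d\n",
           registration_attempts(0), registration_attempts(1));
    return 0;
}
```

Build with `cc -pthread`. With the mutex held across both the check and the registration, the second caller only runs the check after the first has finished, so it finds the device already registered.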
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds