Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:bus: mhi: host: Fix race between unprepare and queue_bufA client driver may use mhi_unprepare_from_transfer() to quiesceincoming data during the client driver's tear down. The client drivermight also be processing data at the same time, resulting in a call tomhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runsafter mhi_unprepare_from_transfer() has torn down the channel, a panicwill occur due to an invalid dereference leading to a page fault.This occurs because mhi_gen_tre() does not verify the channel stateafter locking it. Fix this by having mhi_gen_tre() confirm the channelstate is valid, or return error to avoid accessing deinitialized data.[mani: added stable tag]
No PoCs from references.
- https://github.com/w4zu/Debian_security