5.5

CVE-2024-41068

s390/sclp: Fix sclp_init() cleanup on failure

In the Linux kernel, the following vulnerability has been resolved:

s390/sclp: Fix sclp_init() cleanup on failure

If sclp_init() fails it only partially cleans up: if there are multiple
failing calls to sclp_init() sclp_state_change_event will be added several
times to sclp_reg_list, which results in the following warning:

------------[ cut here ]------------
list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10.
WARNING: CPU: 0 PID: 1 at lib/list_debug.c:35 __list_add_valid_or_report+0xde/0xf8
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc3
Krnl PSW : 0404c00180000000 000003ffe0d6076a (__list_add_valid_or_report+0xe2/0xf8)
           R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
...
Call Trace:
 [<000003ffe0d6076a>] __list_add_valid_or_report+0xe2/0xf8
([<000003ffe0d60766>] __list_add_valid_or_report+0xde/0xf8)
 [<000003ffe0a8d37e>] sclp_init+0x40e/0x450
 [<000003ffe00009f2>] do_one_initcall+0x42/0x1e0
 [<000003ffe15b77a6>] do_initcalls+0x126/0x150
 [<000003ffe15b7a0a>] kernel_init_freeable+0x1ba/0x1f8
 [<000003ffe0d6650e>] kernel_init+0x2e/0x180
 [<000003ffe000301c>] __ret_from_fork+0x3c/0x60
 [<000003ffe0d759ca>] ret_from_fork+0xa/0x30

Fix this by removing sclp_state_change_event from sclp_reg_list when
sclp_init() fails.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.319
LinuxLinux Kernel Version >= 4.20 < 5.4.281
LinuxLinux Kernel Version >= 5.5 < 5.10.223
LinuxLinux Kernel Version >= 5.11 < 5.15.164
LinuxLinux Kernel Version >= 5.16 < 6.1.101
LinuxLinux Kernel Version >= 6.2 < 6.6.42
LinuxLinux Kernel Version >= 6.7 < 6.9.11
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
LinuxLinux Kernel Version6.10 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.152
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/0a31b3fdc7e735c4f8c65fe4339945c717ed6808
Patch
https://git.kernel.org/stable/c/2e51db7ab71b89dc5a17068f5e201c69f13a4c9a
Patch
https://git.kernel.org/stable/c/455a6653d8700a81aa8ed2b6442a3be476007090
Patch
https://git.kernel.org/stable/c/6434b33faaa063df500af355ee6c3942e0f8d982
Patch
https://git.kernel.org/stable/c/79b4be70d5a160969b805f638ac5b4efd0aac7a3
Patch
https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83
Patch
https://git.kernel.org/stable/c/be0259796d0b76bbc7461e12c186814a9e58244c
Patch
https://git.kernel.org/stable/c/cf521049fcd07071ed42dc9758fce7d5ee120ec6
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html