Content: A recent vulnerability has been closed in the Linux kernel, specifically related to crypto Xilinx. The issue has been addressed, and calling crypto_finalize_request now requires disabling bottom halves (BH) to avoid triggering a call trace. The details of this solution are discussed below.
According to the Linux kernel, the vulnerability was found in the crypto: xilinx - call finalize function, which needed to be called with BH disabled. This action resolves the issue and prevents the call trace seen before the fix was applied.
[Code snippet from the original post]
The issue was in the crypto_finalize_request function, which was generating an improper call trace when crypto: xilinx was called. After the fix, the function call no longer triggers the warning, protecting the integrity of the system.
Researchers were able to successfully resolve this vulnerability by ensuring that BH is disabled when the crypto_finalize_request function is called. As a result, the code snippet above no longer produces the problematic call trace.
To learn more about the resolution of this vulnerability in the Linux kernel, consider exploring the original references – including the kernel patch, which fully describes the introduced changes and fixes.
In summary, the Linux kernel vulnerability CVE-2024-26877 has been mitigated by disabling BH while calling the crypto_finalize_request function in the crypto: xilinx domain. This change not only maintains the security of the system but also prevents potential issues in the future. Developers and Linux users who utilize the affected crypto: xilinx package in their projects should update their kernel accordingly to protect their systems from this specific vulnerability.
References
1. Kernel patch for CVE-2024-26877
2. Linux Kernel Mailing List (LKML) - Crypto: xilinx - call finalize with bh disabled
Timeline
Published on: 04/17/2024 11:15:09 UTC
Last modified on: 12/19/2024 08:49:14 UTC