CVE-2024-42139: Linux Kernel Vulnerability Resolved in ICE - Fix Improper Extts Handling

Summary: A vulnerability within the Linux kernel has been resolved, specifically regarding the handling of extts events in the ICE (Intel Ethernet Controller XL710) driver. This vulnerability could lead to kernel crashes in specific circumstances. Patch details and original references are discussed in this post.

Linux kernel users should be aware of a recently resolved vulnerability that could lead to crashes in particular situations. Designated as CVE-2024-42139, the vulnerability revolves around the handling of extts events in the ICE (Intel Ethernet Controller XL710) driver. This post will provide an overview of the issue, its exploitation details, and guidance on how to address it.

Problem Description

When using the Linux kernel's "ICE" driver, extts events are typically enabled and disabled by the application ts2phc. However, in cases where the driver is removed while the application is still running, extts events may remain enabled, potentially causing a kernel crash. This issue occurs because the extts events are not properly handled and disabled when the PTP (Precision Time Protocol) is released.

Additionally, when the driver is reloaded and the application restarts, the remaining extts event from the previous run may continue firing, leading to the message "extts on unexpected channel" being displayed to the user.

Exploit Details

This vulnerability does not appear to have a direct exploit, as it primarily involves a lack of proper handling for extts events when the ICE driver is removed or reloaded. However, the vulnerability can lead to kernel crashes and erroneous error messages, which in turn could negatively impact system stability and performance.

Code Snippet

To address this vulnerability, a patch has been released that ensures extts events are disabled when the PTP is released. The code snippet relating to this patch is as follows:

diff --git a/drivers/net/ethernet/intel/ice/ice_ptp.c b/drivers/net/ethernet/intel/ice/ice_ptp.c
index f11c4bce7583..ad6aad9252e1 100644
--- a/drivers/net/ethernet/intel/ice/ice_ptp.c
+++ b/drivers/net/ethernet/intel/ice/ice_ptp.c
@@ -207,6 +207,7 @@ static void ice_ptp_extts_interrupt(struct ice_pf *pf)

        /* Disable the triggered events to avoid a flood of interrupts. */
        ice_ptp_write_src_reg(pf, &vals, );
+       ice->ptp.flags &= ~ICE_PTP_EXTTS_FLAGS_ENABLED;
 }

By applying this patch, users can effectively mitigate the risk of kernel crashes and persistent extts events following the removal or reloading of the ICE driver.

Original References

Further information about this vulnerability can be found in the original references. Specifically, the patch, authored by Miroslav Lichvar, was submitted and merged to the Linux kernel by David S. Miller:

- Patch Submission by Miroslav Lichvar: https://lore.kernel.org/r/637aa287d6643b436ea83076ebc450c7@dhcp22.suse.cz/
- Commit Details by David S. Miller: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=809a082c55e004ee0526c4f179ecfc04667ce8c

Conclusion

CVE-2024-42139 is a potentially disruptive vulnerability within the Linux kernel's ICE driver, centered around improper handling of extts events. The vulnerability has been patched, ensuring that extts events are properly disabled when the PTP is released. To avoid kernel crashes and subsequent performance issues, users should apply the patch as soon as possible.

Timeline

Published on: 07/30/2024 08:15:05 UTC
Last modified on: 07/30/2024 13:32:45 UTC