1. Patchew
  2. linux
  3. View series

[PATCH] CVE-2024-56642: Fix wrong fixes tag and function name in commit message.

Siddh Raman Pant posted 1 patch 10 months ago 
cve/published/2024/CVE-2024-56642.diff       | 11 +++++++++++
cve/published/2024/CVE-2024-56642.vulnerable |  1 +
2 files changed, 12 insertions(+)
create mode 100644 cve/published/2024/CVE-2024-56642.diff
create mode 100644 cve/published/2024/CVE-2024-56642.vulnerable
[PATCH] CVE-2024-56642: Fix wrong fixes tag and function name in commit message.
Posted by Siddh Raman Pant 10 months ago 
Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>
---
 cve/published/2024/CVE-2024-56642.diff       | 11 +++++++++++
 cve/published/2024/CVE-2024-56642.vulnerable |  1 +
 2 files changed, 12 insertions(+)
 create mode 100644 cve/published/2024/CVE-2024-56642.diff
 create mode 100644 cve/published/2024/CVE-2024-56642.vulnerable

diff --git a/cve/published/2024/CVE-2024-56642.diff b/cve/published/2024/CVE-2024-56642.diff
new file mode 100644
index 000000000000..b31d3694986c
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56642.diff
@@ -0,0 +1,11 @@
+--- a/CVE-2024-56642.mbox
++++ b/CVE-2024-56642.mbox
+@@ -18,7 +18,7 @@ When bearer_disable() calls tipc_udp_disable(), cleanup
+ of the UDP kernel socket is deferred by work calling
+ cleanup_bearer().
+ 
+-tipc_net_stop() waits for such works to finish by checking
++tipc_exit_net() waits for such works to finish by checking
+ tipc_net(net)->wq_count.  However, the work decrements the
+ count too early before releasing the kernel socket,
+ unblocking cleanup_net() and resulting in use-after-free.
diff --git a/cve/published/2024/CVE-2024-56642.vulnerable b/cve/published/2024/CVE-2024-56642.vulnerable
new file mode 100644
index 000000000000..75eac70bd13b
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56642.vulnerable
@@ -0,0 +1 @@
+04c26faa51d1e2fe71cf13c45791f5174c37f986
-- 
2.47.2
Re: [PATCH] CVE-2024-56642: Fix wrong fixes tag and function name in commit message.
Posted by Greg KH 10 months ago 
On Tue, Feb 18, 2025 at 07:23:44PM +0530, Siddh Raman Pant wrote:
> Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>

Please provide some text here that descibes what is happening.  We can't
just take commits with no information at all, and neither would you want
us to :)

Also, can you break this up into two commits?  The changelog text I'm
going to have to convert into a diff in a different way.

thanks,

greg k-h
[PATCH 1/2] CVE-2024-56642: Fix wrong fixes tag.
Posted by Siddh Raman Pant 10 months ago 
The fixes tag in the commit message is incorrect. It should be the
commit which adds the counter, which is:

04c26faa51d1 ("tipc: wait and exit until all work queues are done")

Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>
---
 cve/published/2024/CVE-2024-56642.vulnerable | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 cve/published/2024/CVE-2024-56642.vulnerable

diff --git a/cve/published/2024/CVE-2024-56642.vulnerable b/cve/published/2024/CVE-2024-56642.vulnerable
new file mode 100644
index 000000000000..75eac70bd13b
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56642.vulnerable
@@ -0,0 +1 @@
+04c26faa51d1e2fe71cf13c45791f5174c37f986
-- 
2.47.2
Re: [PATCH 1/2] CVE-2024-56642: Fix wrong fixes tag.
Posted by Greg KH 10 months ago 
On Tue, Feb 18, 2025 at 08:07:31PM +0530, Siddh Raman Pant wrote:
> The fixes tag in the commit message is incorrect. It should be the
> commit which adds the counter, which is:
> 
> 04c26faa51d1 ("tipc: wait and exit until all work queues are done")
> 
> Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>
> ---
>  cve/published/2024/CVE-2024-56642.vulnerable | 1 +
>  1 file changed, 1 insertion(+)
>  create mode 100644 cve/published/2024/CVE-2024-56642.vulnerable
> 
> diff --git a/cve/published/2024/CVE-2024-56642.vulnerable b/cve/published/2024/CVE-2024-56642.vulnerable
> new file mode 100644
> index 000000000000..75eac70bd13b
> --- /dev/null
> +++ b/cve/published/2024/CVE-2024-56642.vulnerable
> @@ -0,0 +1 @@
> +04c26faa51d1e2fe71cf13c45791f5174c37f986
> -- 
> 2.47.2
> 

Many thanks, both now applied and the cve record has been regenerated.

greg k-h
[PATCH 2/2] CVE-2024-56642: Fix mention of wrong function.
Posted by Siddh Raman Pant 10 months ago 
The function which waits is tipc_exit_net(), which has the spinning
while loop at the end.

Signed-off-by: Siddh Raman Pant <siddh.raman.pant@oracle.com>
---
 cve/published/2024/CVE-2024-56642.diff | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 cve/published/2024/CVE-2024-56642.diff

diff --git a/cve/published/2024/CVE-2024-56642.diff b/cve/published/2024/CVE-2024-56642.diff
new file mode 100644
index 000000000000..b31d3694986c
--- /dev/null
+++ b/cve/published/2024/CVE-2024-56642.diff
@@ -0,0 +1,11 @@
+--- a/CVE-2024-56642.mbox
++++ b/CVE-2024-56642.mbox
+@@ -18,7 +18,7 @@ When bearer_disable() calls tipc_udp_disable(), cleanup
+ of the UDP kernel socket is deferred by work calling
+ cleanup_bearer().
+ 
+-tipc_net_stop() waits for such works to finish by checking
++tipc_exit_net() waits for such works to finish by checking
+ tipc_net(net)->wq_count.  However, the work decrements the
+ count too early before releasing the kernel socket,
+ unblocking cleanup_net() and resulting in use-after-free.
-- 
2.47.2

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.